46 per cent of remote or mobile workers knowingly put data at risk over the past year.
MANCHESTER, UK; June 2025 – UK businesses are reporting a greater number of data breaches than ever before, according to annual research from Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. The company’s 2025 survey reveals that 69 per cent of organisations surveyed have self-disclosed a breach or potential breach to the Information Commissioner’s Office (ICO) in the past year, up significantly from 53 per cent in 2024.
However, the shift could also be interpreted as evidence of a greater sense of awareness and accountability. Just eight per cent of businesses surveyed were reported by a third party, compared to 14 per cent last year, indicating stronger internal reporting processes and a move away from reactive disclosure. This change suggests that businesses are beginning to take greater ownership over their breach response strategies and are stepping up to take responsibility.
Yet self-reporting does not imply incidents are under control. Apricorn’s research found that 461 per cent of organisations surveyed admit their remote or mobile workers knowingly put corporate data at risk in the last year. Additionally, 61[1] per cent believe their mobile workforce is likely to expose them to a future breach. These persistent concerns highlight a lack of confidence in user behaviour and endpoint management, especially within decentralised and hybrid work environments.
Phishing remains the top cause of data breaches, cited by 37 per cent of IT decision makers surveyed, closely followed by employee mistakes (33 per cent). While external threats continue to pose a risk, the data confirms that human behaviour remains the leading cause of vulnerability, whether through error, negligence or malicious intent.
The majority (99[2] per cent) of organisations have a mobile/remote working security policy in place, and 951 per cent believe their workers understand and follow it. But this confidence is undermined by a rising number of respondents, 581 per cent, who say their employees lack the technology or skills needed to properly secure data, even when they are willing to comply.
Adding to the challenge is the continued reliance on employee-owned IT equipment. 56 per cent of organisations now allow staff to use personal devices to access corporate systems and data, a 9 per cent increase over last year and the highest level recorded by Apricorn since 2019. Although most organisations use software to control access, these tools often lack the visibility and enforcement provided by corporate-issued devices.
Only 19 per cent of respondents said their organisation mandates the use of company-provisioned equipment with endpoint controls. This cautious shift upward from 15% in 2024, reflects growing awareness but highlights how far most organisations still have to go in order to gain full control of the remote attack surface.
Jon Fielding, Managing Director, EMEA, Apricorn, warned that businesses cannot afford to confuse policy with protection. “Too many organisations are relying on assumptions that policies are followed, that devices are secure, that staff know what to do, but if organisations want to reduce breach risk, they must give staff the right tools to do the right thing.”
The research also revealed deeper technical and operational issues. Almost 37[3] per cent of organisations say they cannot be certain that their data is adequately secured or they’ve lost visibility of where corporate data is stored, while 16 per cent report that their current technology doesn’t support secure mobile or remote working. Additionally, a further 11 per cent said they don’t know which datasets within their organisation need to be encrypted, pointing to a lack of basic data classification and risk assessment.
The mounting complexity of managing remote technologies is another key concern with more organisations struggling with this than has ever been recorded in the survey. 47 per cent of organisations reported that managing all of the technology that employees need and use for mobile/remote working is too complex. Meanwhile, 35 per cent say remote working has made it harder to comply with GDPR, potentially due to rising concerns about cyber sovereignty and data localisation requirements.
Fielding concluded: “Self-reporting breaches is a positive step, but if organisations want to reduce how often they’re doing it, they must bridge the gap between written policy and operational readiness. This includes clear provisioning of secure tools like hardware-encrypted drives, restricting data movement to known systems, and prioritising the secure handling of data at every endpoint.”
Methodology
The research was conducted by Censuswide, among a sample of 200 IT security decision makers. The data was collected between 23.05.2025 – 29.05.2025. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.
About Apricorn
Apricorn provides American-made, TAA-compliant, FIPS-validated secure storage innovations worldwide. Trusted by companies in finance, healthcare, education, and government, Apricorn’s products have become a standard in data security strategies. Founded in 1983, Apricorn continues to develop award-winning products and patented technologies for enterprises globally. Learn more at www.apricorn.com.
Media Contact:
Alicia Broadest
Origin Communications
t. 07729102956
e. apricorn@origincomms.com
[1] Combining answer options “Strongly agree” and “Agree”.
[2] Combining all yes answer options.
[3] Combining answer options “We cannot be certain that our data is adequately secured” and “We have no control over where company data goes and where it is stored”.