Encryption Adoption Reaches 96%, Yet Inconsistent Use Poses Risks

In a recent study conducted by Apricorn, a prominent manufacturer of hardware-encrypted USB data storage devices, it was revealed that 96% of organizations in the United States have adopted encryption policies. This data, released on July 15, 2025, signifies a notable increase in the implementation of encryption strategies among IT security decision-makers. However, the findings also highlight significant inconsistencies in the application of these policies, raising concerns about the protection of sensitive data.

The survey, which involved 200 IT security professionals, indicated that 64% of respondents reported an increase in encryption usage to better safeguard data, particularly in light of the rise in remote and hybrid working models. The report noted a significant uptick in organizations citing remote work as a reason for adopting encryption, with figures rising from 19% in 2024 to 29% in 2025. This shift underscores the necessity of securing endpoints as sensitive data migrates beyond traditional corporate perimeters.

Kurt Markley, Managing Director at Apricorn, emphasized the importance of consistent application of encryption policies. "It's great to see more organizations leaning into encryption, but the job isn't done just because a policy exists. If encryption isn't being used consistently on the devices people carry around every day, then sensitive data is still at risk," he stated.

Despite the progress in encryption adoption, the study revealed a worrisome trend: fewer organizations are using encryption specifically as a defense against ransomware attacks, with only 4% reporting it as a primary focus in 2025, down from 12% the previous year. This decline may reflect the evolving nature of ransomware threats, which have become increasingly sophisticated and challenging to counteract. Instead, organizations have shifted their focus towards data recovery through protected backups rather than solely relying on encryption to prevent initial data breaches.

The survey also uncovered that while 96% of organizations have a defined data encryption policy for removable media, a significant number of respondents (7%) expressed uncertainty about which data sets to encrypt, highlighting a gap in effective cybersecurity planning. Additionally, 36% of organizations reported that they only permit the use of hardware-encrypted, company-approved removable media to mitigate risks associated with lost or stolen devices.

Encryption is predominantly applied to desktops (67%) and laptops (62%), with USB sticks (53%) and portable hard drives (52%) also receiving considerable attention. However, organizations are increasingly looking to expand encryption across various device types, indicating an acknowledgment of the risks posed by portable devices and endpoint data loss.

The study's methodology, conducted by Censuswide between May 23 and May 29, 2025, adheres to the Market Research Society's code of conduct and ESOMAR principles, ensuring the reliability of the findings. As organizations continue to adapt to the evolving landscape of data security, the integration of encryption into daily practices remains crucial for safeguarding sensitive information.

In summary, while the high rate of encryption adoption is promising, the inconsistency in its application raises significant concerns for data security. Organizations must prioritize not only the implementation of encryption policies but also their consistent application across all devices to effectively mitigate risks associated with data breaches and cyberattacks. The evolving threat landscape necessitates a proactive approach to data protection, one that integrates encryption as a fundamental component of cybersecurity strategies across all facets of business operations.