UK businesses are reporting a greater number of data breaches than ever before, according to annual research from Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. The company’ s 2025 survey reveals that 69 % of organisations surveyed have self-disclosed a breach or potential breach to the Information Commissioner’ s Office( ICO) in the past year, up significantly from 53 % in 2024.

However, the shift could also be interpreted as evidence of a greater sense of awareness and accountability. Just 8 % of businesses surveyed were reported by a third party, compared to 14 % last year, indicating stronger internal reporting processes and a move away from reactive disclosure.

Poor endpoint management

Yet self-reporting does not imply incidents are under control. Apricorn’ s research found that 46 % of organisations surveyed admit their remote or mobile workers knowingly put corporate data at risk in the last year. Additionally, 61 % believe their mobile workforce is likely to expose them to a future breach.

Phishing remains the top cause of data breaches, cited by 37 % of IT decision makers surveyed, closely followed by employee mistakes( 33 %). While external threats continue to pose a risk, the data confirms that human behaviour remains the leading cause of vulnerability, whether through error, negligence or malicious intent.

The majority( 99 %) of organisations have a mobile / remote working security policy in place, and 95 % believe their workers understand and follow it. But this confidence is undermined by a rising number of respondents, 58 %, who say their employees lack the technology or skills needed to properly secure data, even when they are willing to comply.

Adding to the challenge is the continued reliance on employee-owned IT equipment. Fifty-six percent of organisations now allow staff to use personal devices to access corporate systems and data, a 9 % increase over last year and the highest level recorded by Apricorn since 2019.

Only 19 % of respondents said their organisation mandates the use of company-provisioned equipment with endpoint controls. This cautious shift upward from 15 % in 2024, reflects growing awareness but highlights how far most organisations still have to go in order to gain full control of the remote attack surface.

More direct action needed

Jon Fielding, Managing Director, EMEA, Apricorn, warned that businesses cannot afford to confuse policy with protection.“ Too many organisations are relying on assumptions that policies are followed, that devices are secure, that staff know what to do, but if organisations want to reduce

breach risk, they must give staff the right tools to do the right thing.”

The research also revealed deeper technical and operational issues. Almost 37 % of organisations say they cannot be certain that their data is adequately secured or they’ ve lost visibility of where corporate data is stored, while 16 % report that their current technology doesn’ t support secure mobile or remote working. Additionally, a further 11 % said they don’ t know which datasets within their organisation need to be encrypted, pointing to a lack of basic data classification and risk assessment.

The mounting complexity of managing remote technologies is another key concern with more organisations struggling with this than has ever been recorded in the survey. Forty-seven percent of organisations reported that managing all of the technology that employees need and use for mobile / remote working is too complex. � www. intelligentfin. tech

53