Data hoarding can have financial and security consequences

End-of-life data management, be it deletion of what is no longer required, or data removal from hardware before it’s decommissioned, may not get the attention that data loss through breaches generates, but it’s equally critical — and equally dangerous, with almost half of enterprises failing to destroy data they no longer need, according to a new survey.

In its 2025 State of Data Sanitization Report, released on Wednesday, data erasure specialist Blancco revealed that companies globally are being driven to react to these risks by pressures around data security (especially with the advent of AI), regulatory compliance, and sustainability.

While 86% of enterprises have suffered a data breach in the last three years, 73% have experienced a data leak, typically caused by process failure or human error, according to the survey of 2,000 cybersecurity, IT, and sustainability leaders at large enterprises around the world.

With 144 countries now having data privacy and protection regulations in place as of January 2025, and ongoing moves to regulate artificial intelligence, regulatory compliance became the top reason for changing end-of-life data management practices. It was cited by 38% of organizations globally. Sustainability, including that driven by regulatory requirements, came a close second at 34%.

Furthermore, the survey said, only 21% of enterprise data is tagged and classified, making it difficult to tell how much of it is redundant, obsolete, or trivial, and thus ripe for removal. Many organizations retain too much data, with only 53% of respondents saying they destroy data once it is no longer needed for business purposes.

There is good news too. The survey found that 58% of enterprises surveyed have increased their investments in data privacy and protection in the past year, by an average 46%, noting that there was no single investment trigger: “For most, it’s the accumulation of new rules, new technologies, and mounting expectations around responsible data and hardware disposal.”

Wasted resources

Most large enterprises surveyed have upgraded tech to accommodate the needs of AI, the survey found, with 98% replacing endpoints (an average of 25% of their fleet), and 97% replacing an average of 21% of data center equipment.

Of that old equipment, the survey showed, up to half was destroyed, although a large proportion was still functional at destruction time. That, it said, wastes value and resources as well as being environmentally unfriendly.

Over a three-year period, large enterprises typically spend over $1 million destroying functional devices, the survey found — and they also miss out on a potential $1.1 million in lost resale value for those destroyed devices.

Data sanitization is key

Instead of equipment destruction, the survey report recommends data sanitization where possible, so the functional devices can be safely reused or sold without the risk of data leaks.

The International Data Sanitization Consortium defines data sanitization as “the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable.” This process could include physical destruction of the device, cryptographic erasure, or data erasure based on industry standards such as IEEE 2883-2022 and ISO/IEC 27040, which provide both verification of the process and tamper-proof certification that it was completed.

But although many organizations do adhere to these best practices when repurposing or selling equipment, the survey revealed that 25% of laptops and desktops and 19% of data center equipment is refurbished without being sanitized, exposing enterprises to a potential data breach.

“Certified erasure is the only way an organization can be sure that a device is ready for reuse and has an audit trail to prove it—often necessary for compliance purposes,” the survey report noted, adding, “secure, sustainable data sanitization isn’t a bolt-on activity — it has value for your organization throughout data and asset lifecycles.”

Further reading:

• Pulling the plug on old hardware: Life-cycle management explained
• Out with the old: What to do with your unwanted tech gear
• The in-depth guide to data destruction