36 Endpoint Security Statistics MSPs Should Know About in 2025 

You can’t secure what you don’t know exists. 

That’s only part of the challenge MSPs face when managing endpoint security.

Endpoint security becomes even more complex when you factor in the number of unmanaged devices continually added to the corporate network.

Do you know the number of unauthorized productivity SaaS applications being used by employees on their personal devices? Most likely not. But shadow IT is only part of the problem MSPs and IT managers encounter daily. 

We’re not even talking about BYOD policies that aren’t deployed or followed protocol. How about former employees who still have company-issued laptops they haven’t returned yet? Each unsecured endpoint is a prime target for attackers to exploit. 

Wait until you see what else the Guardz team discovered. 

Here are 36 endpoint security statistics in 2025 that every MSP must be aware of.

Unsecured Connections: Endpoint Security Risks of BYOD

• 92% of remote workers report using their personal tablets or smartphones for work tasks, with 46% of them having saved a work file onto those devices. – The State of Remote Work Security
• 97% of executives access work accounts or applications via their personal devices. – 2023 Not (Cyber) Safe for Work Report
• 80% of executives are likely to send work-related messages from their personal devices. – 2023 Not (Cyber) Safe for Work Report
• Microsoft research found that 80-90% of successful ransomware attacks come from unmanaged devices. – Microsoft
• 62% of cybersecurity professionals cite data loss and leaks as their top BYOD-related concerns. Menlo Security
• 36% of employees who said they use a personal device for work purposes admitted to delaying applying security updates. – The HIPAA Journal
• 71% of employees store sensitive work passwords on personal phones. – Security Magazine
• 67% of enterprises use up to five separate vendors for management and security across all device types. Computerworld
• Only 38% of companies have a policy prohibiting employees from storing plain-text access credentials on their devices. The Sensitive Data Report
• Only 42% of companies surveyed have a solution to proactively locate sensitive data on an employee device. The Sensitive Data Report
• 38% of employees admitted that their employer doesn’t have any BYOD policies, or the policy is sometimes or always ignored. – The HIPAA Journal

Endpoints Unknown: The Dangers of Shadow IT

• Gartner found that shadow IT accounts for 30-40% of IT spending in large enterprises. Forbes
• According to Cisco, 80% of company employees use shadow IT. IBM
• 76% of SMBs report that shadow IT threatens security. LastPass
• 58% of SMBs have experienced high-impact shadow IT efforts outside the knowledge of their official IT department. Capterra 
• While the average large enterprise believes it uses 37 apps, employees actually use 625 apps. – CIO
• 30% of IT leaders claim that information security is the biggest obstacle to BYOD adoption. CloudSecureTech
• Shadow IT usage has increased by 59% with remote work. Keepnet
• 47% of companies allow employees to access their resources on unmanaged devices, authenticating via credentials alone. The Shadow IT Report
• 70% of employees using ChatGPT at work hide it from their employers. Business Insider
• Nearly 1/3 (32%) of remote and hybrid workers use apps or software not approved by IT.  Infosecurity Magazine
• A study found that 59% of organizations have experienced data loss through cloud-based shadow IT. Ponemon Institute
• ChatGPT is the top unauthorized app that is secretly used by workers. Fortune 
• “By 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility — up from 41% in 2022.” Gartner

Employee-Related Endpoint Security Threats 

• Among HR workers who offboarded employees in the past year, 71% say at least one employee didn’t return company-owned equipment, like a laptop or smartphone. Capterra
• 65% of employees said they often bypass their organization’s security policies to improve productivity and make their lives easier. The HIPAA Journal
• Over 90% of security incidents involving lost or stolen devices result in an unauthorized data breach. Samsung Knox
• 13% of employees admit to falling for phishing attacks while working at home. – Security Magazine
• A study by Wing Security found that 63% of businesses may have former employees with access to organizational data. The Hacker News
• 62% of employees surveyed reported moving company IP to non–company devices. USACI
• An HR offboarding study found that 59% of stolen company-owned equipment contained sensitive information and that only 55% were able to completely lock out the employee from using the equipment. Capterra

Endpoint-Related Attacks  

• There was a 300% increase in endpoint malware detections in Q3 of 2024. Help Net Security
• In 2024, a Twilio data breach exposed 33 million phone numbers from Authy accounts, which was traced back to an unauthenticated API endpoint. Security Week
• A study found that 90% of successful cyberattacks and as many as 70% of successful data breaches originate at endpoint devices. Verizon Business 2023 Mobile Security Index
• 54% of security professionals said that more than 20% of their overall endpoints were unmanaged. CSO Online
• A survey found that 67% of MSPs experienced an attack from an AI-borne threat in the last 12 months and that AI attacks could soon become more of a threat than endpoint attacks. SC Media

Secure Your Endpoints with Guardz 

Visibility is the key factor when it comes to endpoint security. 

The Guardz platform includes native endpoint protection that integrates with SentinelOne EDR, delivering best-in-class endpoint security. This enables MSPs to scale 365-day coverage without added complexity or cost.  

Schedule a demo today and discover your organization’s device security posture.