Communication applications have become an integral part of everyday work. Employees, managers, and crisis response teams rely on tools such as WhatsApp, Signal, and Microsoft Teams to share information and coordinate activities. However, BlackBerry’s new study, The State of Secure Communications 2026, reveals a concerning gap between how organizations perceive communication security and the reality of their security posture.
A survey of 700 security leaders from government agencies and critical infrastructure organizations across the United States, Canada, the United Kingdom, and Singapore found that 83% of organizations use WhatsApp for sensitive communications. At the same time, 88% of respondents expressed confidence in the security of their communication platforms. The study suggests, however, that this confidence is often based more on assumptions than on a true understanding of communication security risks.
One of the most striking findings is the lack of understanding around encryption capabilities. More than half of respondents believe that encryption also protects metadata such as IP addresses, location information, and communication patterns. Nearly half believe encryption can prevent spoofing, deepfake attacks, or impersonation attempts. Additionally, 41% think communications remain secure even when a device has been compromised.
In reality, end-to-end encryption protects the content of messages while they are in transit, but it does not address user identity verification, metadata protection, or endpoint security. These areas are increasingly becoming the primary targets of modern cyberattacks.
The study also highlights an interesting contradiction. More than half of organizations consider digital sovereignty and control over communications a priority. Yet 98% of respondents rely on platforms hosted on foreign infrastructure over which they have limited or no direct control.
As data protection requirements, regulations such as NIS2, and geopolitical risks continue to evolve, communication sovereignty is becoming an increasingly important issue—particularly for government agencies, energy providers, healthcare organizations, and other operators of critical infrastructure.
Another notable finding is the gap between perceived and actual crisis readiness. While 90% of respondents believe their organization is prepared to handle a major security incident, fewer than half have a unified platform for coordinating communications during a crisis.
During cyberattacks, service outages, or other critical events, reliable and secure communication often determines the speed of response and the effectiveness of incident management.
The findings of the BlackBerry study show that many organizations still equate encryption with comprehensive security. Protecting sensitive communications today requires much more—from user identity verification and metadata protection to digital sovereignty and crisis preparedness. As cyber threats, AI-driven fraud, and regulatory requirements continue to grow, secure communication will become an increasingly critical component of every organization’s overall security strategy.
Download the full study: State of Secure Communications 2026