Key Takeaways
- 83 % of security leaders say WhatsApp is used for sensitive discussions, even though many misunderstand what its encryption actually protects.
- 98 % of organizations rely on foreign‑hosted platforms despite 55 % stating sovereign control is a priority.
- Only 49 % have a unified crisis‑communications platform, yet 90 % claim they are crisis‑ready.
- Common misconceptions: over half believe encryption hides metadata, nearly half think it stops impersonation, and 41 % assume security survives a compromised device.
- Fragmented tools (group chats, email threads, spreadsheets, phone trees) dominate incident response, lacking the governance and real‑time coordination needed for high‑stakes events.
Overview of the Survey
BlackBerry Secure Communications released The State of Secure Communications 2026, a study of 700 security decision‑makers from government and critical‑infrastructure sectors in the United States, United Kingdom, Canada, and Singapore. The research exposes a growing gap between perceived security and actual risk, highlighting concerns over operational resilience and national‑security implications. By quantifying attitudes toward messaging apps, sovereignty, and crisis readiness, the report provides a data‑driven foundation for re‑evaluating current communications strategies.
WhatsApp Use for Sensitive Discussions
A striking 83 % of respondents reported that WhatsApp is employed inside their organizations for sensitive or confidential conversations. This widespread reliance occurs despite a limited understanding of the platform’s security boundaries. Many leaders assume that end‑to‑end encryption guarantees total protection, overlooking the fact that encryption secures only the content of messages, not the surrounding context or the identity of participants.
The Sovereignty Paradox
While 55 % of surveyed professionals identified sovereign control as a priority, a staggering 98 % continue to depend on foreign‑hosted platforms that were not purpose‑built for high‑security government communications. This contradiction reveals a blind spot: the desire for autonomy clashes with the practical inertia of using familiar, consumer‑grade apps. Concerns about telecom network monitoring or disruption—expressed by 52 % of participants—further underscore the vulnerability introduced by relying on infrastructure outside domestic jurisdiction.
Confidence Built on Misunderstanding
Despite evolving espionage threats targeting platforms such as Signal and WhatsApp, 88 % of security leaders expressed confidence in their current messaging‑app security. However, the survey indicates that this confidence often rests on incorrect assumptions about encryption’s scope. Key misconceptions include:
- 52 % believe encryption protects metadata such as location data, IP addresses, and communication patterns.
- 47 % think it prevents impersonation, deepfake, or spoofing attacks.
- 41 % assume communications remain secure even after a device has been compromised.
These misunderstandings are increasingly shaping policy, as governments tighten guidance on consumer‑app use for sensitive work, recognizing that encryption alone does not mitigate broader operational‑security risks.
The Risks of Improvised Crisis Response
When a crisis strikes, the shortcomings of ad‑hoc communications become evident. Although 90 % of respondents claim confidence in managing major incidents, only 49 % report having a unified crisis‑communications platform. Instead, organizations lean on fragmented tools not designed for high‑pressure environments: group chats (54 %), email threads (51 %), shared spreadsheets (29 %), and phone trees (19 %). While familiar, these solutions lack real‑time coordination, secure governance, and cross‑agency visibility—critical elements for effective incident response and decision‑making under duress.
Limits of “Good Enough” Security
The report highlights a persistent pattern: reliance on communications platforms that were never engineered for sovereign control, high‑assurance security, or crisis‑grade coordination. Consumer apps generate and store metadata, operate under foreign data‑jurisdiction rules, and lack the stringent controls required for classified or high‑value exchanges. As threat actors shift from network compromise to direct account exploitation on messaging platforms, systems deemed “secure enough” can rapidly become significant attack surfaces. The central question for security leaders is whether current dependence on consumer‑grade tools reflects genuine readiness or an underestimation of systemic risk.
Implications and Recommendations
The findings urge organizations to reassess their communications architectures. Prioritizing platforms that offer verified identity management, metadata minimization, domestic data residency, and integrated crisis‑response capabilities can close the sovereignty and readiness gaps. Investing in government‑grade, interception‑resistant solutions—such as those offered by BlackBerry Secure Communications—may provide the assurance needed to protect sensitive discussions, maintain operational continuity, and uphold national security in an increasingly hostile threat landscape.
Survey Methodology
The State of Secure Communications 2026 was conducted by OnePoll on behalf of BlackBerry. The study surveyed 700 security decision‑makers working within government and critical‑infrastructure organizations across the United States, United Kingdom, Canada, and Singapore. Respondents represented a mix of roles responsible for cybersecurity, communications, and emergency‑management functions.
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides enterprises and governments with software and services that power critical operations worldwide. Headquartered in Waterloo, Ontario, the company leverages its heritage in secure communications to deliver a highly certified portfolio for mobile fortification, mission‑critical messaging, and critical‑events management. For additional information, visit BlackBerry.com or follow @BlackBerry.
Media Contact
BlackBerry Media Relations
+1 (519) 597‑7273
[email protected]
Join our LinkedIn group Information Security Community!