- 83% report WhatsApp is used for sensitive discussions, despite widespread misunderstanding of what encryption protects
- 98% rely on platforms unable to deliver the sovereign control they say they want
- 90% of organizations say they are crisis-ready, yet only 49% have unified crisis communications platforms
BlackBerry Secure Communications, a division of BlackBerry Limited (NYSE: BB; TSX: BB), has published The State of Secure Communications 2026, a survey of 700 security decision-makers across government and critical infrastructure in the United States, United Kingdom, Canada, and Singapore.
The report highlights a widening disconnect between perceived communications security and actual risk exposure, raising concerns about operational resilience and national security implications. One of the most notable findings shows that 83% of security leaders report that WhatsApp is being used for sensitive discussions inside their organizations, despite limited understanding of the platform’s security boundaries.
The Sovereignty Paradox
The study identifies sovereignty and infrastructure control as a growing blind spot in secure communications strategies. While 55% of respondents say sovereign control is a priority, nearly all (98%) continue to depend on foreign-hosted platforms that are not purpose-built for high-security or confidential government communications.
At the same time, 52% of organizations express concern that telecom networks could be monitored or disrupted. These concerns reflect real-world threats already observed in espionage activity targeting telecom infrastructure, including campaigns such as Salt Typhoon and UNC3886 in Singapore.
“Consumer messaging apps were never designed to handle sensitive communications, protect confidentiality, or meet the demands of high-security environments,” said Christine Gadsby, Chief Security Advisor, BlackBerry Secure Communications. “They rely on phone numbers, not verified identities – and encryption protects the channel, not who is on it. That gap is already being exploited, as recent intelligence warnings show, and governments and critical infrastructure organizations are responding by moving toward communications infrastructure they own and trust.”
Confidence Built on Misunderstanding
The findings come amid increasing intelligence warnings from agencies in the United States, United Kingdom, and Europe regarding state-backed espionage campaigns targeting accounts on platforms such as Signal and WhatsApp. These incidents underscore how threat actors are shifting focus from traditional network compromise to consumer messaging platforms embedded in day-to-day operational workflows.
Despite this evolving threat landscape, 88% of surveyed security leaders expressed confidence in their current messaging app security. However, the report suggests this confidence is often based on incorrect assumptions about what encryption actually protects.
Key misconceptions include:
- 52% mistakenly believe encryption protects metadata such as location data, IP addresses, and communication patterns
- 47% believe it prevents impersonation, deepfake, or spoofing attacks
- 41% assume communications remain secure, even after a device has been compromised
These misunderstandings are increasingly reflected in real-world policy responses, with governments tightening guidance and restrictions around the use of consumer messaging applications for sensitive communications. The report emphasizes that encryption alone does not address broader operational security risks.
The Risks of Improvised Crisis Response
The gaps in secure communications strategy become most apparent during high-pressure incidents. While 90% of respondents say they are confident in their ability to manage major crises, only 49% report having a unified communications platform for coordination.
Instead, many organizations continue to rely on fragmented tools not designed for crisis environments, including group chats (54%), email threads (51%), shared spreadsheets (29%), and phone trees (19%). While familiar, these tools lack the real-time coordination, secure governance, and cross-agency visibility required for effective incident response.
Limits of “Good Enough” Security
Overall, the report highlights a consistent pattern across government and critical infrastructure: reliance on communications platforms that were not designed for sovereign control, high-assurance security, or crisis-grade coordination.
The issue extends beyond encryption to underlying architecture. Many consumer platforms generate and store metadata, operate under foreign jurisdictional data laws, and lack the controls required for classified or high-value communications.
As threats continue to evolve—from account compromise to large-scale surveillance—systems considered “secure enough” may quickly become significant attack surfaces. The report ultimately raises a key question for security leaders: whether current reliance on consumer platforms reflects true security readiness or an underestimation of systemic risk.
To learn how BlackBerry Secure Communications is protecting governments and critical infrastructure worldwide with interception-resistant, government-grade secure voice and messaging, visit https://BlackBerry.com/SecureCommunications
Survey Methodology
The State of Secure Communications 2026 was conducted by OnePoll on behalf of BlackBerry. The study surveyed 700 security decision-makers working within government and critical infrastructure organizations across the United States, United Kingdom, Canada, and Singapore.
_____
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides enterprises and governments the software and services that power the world around us. Headquartered in Waterloo, Ontario, its high-performance foundational software enables automakers and industrial leaders to unlock new applications and business models without compromising safety, security, or reliability. With a deep heritage in Secure Communications, BlackBerry delivers a highly secure, extensively certified portfolio for mobile fortification, mission-critical communications, and critical events management.
For more information, visit BlackBerry.com and follow @BlackBerry.
Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
Join our LinkedIn group Information Security Community!
