Consider the number of connected devices in your own home, from smartphones and laptops to televisions and routers. Now, for your organization, multiply that number by tens, or even hundreds of thousands. The widespread adoption of connected devices has created a new reality for IT and security professionals, one defined by unprecedented complexity and risk.
In our new study, the 2025 Device Security Threat Report, we analyzed over 27 million connected devices belonging to 1,803 enterprise network customers to reveal a critical truth: there is a massive visibility gap across unmanaged, managed and IoT devices. In an environment with tens of thousands of assets, attackers are exploiting the gap between knowing a device exists and understanding the actual risk it creates. This report shows why a deep understanding of device context and proactive risk mitigation is essential for modern security.
The Core Problem: Too Many Devices, Not Enough Protection
The foundational challenge for modern enterprise security teams is serious: organizations have lost track of what's on their networks and what those devices are doing. The numbers tell a stark story. The average enterprise network hosts approximately 35,000 devices spanning 80 different types. This creates massive blind spots.
One Third of Devices Are Unmanaged
A full 32.5% of all devices in corporate networks operate outside IT control. This includes IoT devices like smart TVs and thermostats, as well as personal phones and laptops that employees bring to work. These devices can't be monitored using traditional security tools, yet they're connected to your network.
Four in 10 Company Devices Lack Protection
Even more concerning, nearly 39% of IT devices registered in Active Directory lack an active EDR or XDR. These are company-owned computers and servers that should be protected but aren't. This creates an enormous gap where attackers can operate undetected.
This visibility problem is serious on its own. But the real danger comes from not understanding how these devices connect and communicate with each other.
Why Knowing Isn't Enough: The Context Gap
Finding out a device exists on your network is the first step. Understanding what it's doing, what it can access, and how vulnerable it is comes next. Most organizations struggle with this second part, and it's costing them.
The report reveals that 77.74% of networks have poor segmentation. In practical terms, we define poor segmentation as subnets where neither IT devices (servers, laptops) nor IoT devices (cameras, smart devices) make up more than 55% of the devices on that subnet. These mixed networks mean low-security devices like smart coffee makers and high-value targets like financial servers sit on the same network segment. They can talk to each other directly. This flat architecture turns every weak device into a potential doorway to your most sensitive systems.
The data proves this isn't just a theoretical concern. The report found that 48.2% of all connections from IoT devices to company IT systems come from high-risk IoT devices. Think of an outdated security camera with known vulnerabilities connecting directly to a server holding customer data. This happens constantly, and most security teams don't even know it's occurring.
What Attackers Are Actually Doing
While security teams struggle with visibility and context, attackers are taking advantage of basic, well-known techniques. The most common attacks aren't sophisticated or new. They're brute-force attacks that try millions of password combinations (3.48 billion attempts) and exploit old vulnerabilities like Apache Log4j (2.7 billion attempts).
These attacks work because of the visibility and context gaps outlined above. An attacker compromises an unmonitored IoT device, uses the flat network to move laterally, and targets unprotected systems. It's a straightforward playbook that succeeds at scale.
To cut through the noise, the report identifies which device types pose the greatest risk, based on their vulnerabilities, attack frequency and importance to business operations.
Source: 2025 Device Security Threat Report
This ranking should refocus priorities. The biggest threats aren't necessarily the most advanced. They're the everyday devices your team uses: employee phones, work computers and office cameras. These common devices combine technical weaknesses with high-value access, making them prime targets.
The Path Forward: From Counting Devices to Proactive Mitigation
The 2025 Device Security Threat Report delivers a clear message: making a list of your devices is not a security strategy. Real protection requires understanding the full picture of what those devices are doing and proactively mitigating those risks.
This shift from basic visibility to proactive risk mitigation is what separates organizations that get breached from those that stay protected. Security teams need to know not just which devices are on the network, but which devices pose real risk and how to proactively mitigate those risks. This intelligence allows you to move from constantly reacting to threats to actually preventing them.
The complete report analyzes over 27 million devices across 1,803 enterprise networks and includes detailed breakdowns of exploitation attempts, vulnerability distributions, malware trends and risk assessments by device category.
Download your copy of the 2025 Device Security Threat Report now.