BlackBerry survey flags secure messaging gaps in government
BlackBerry Secure Communications has published a survey on secure messaging use in government and critical infrastructure organisations. The research, conducted by OnePoll, surveyed 700 security decision-makers in the United States, the United Kingdom, Canada and Singapore.
The findings suggest widespread use of consumer messaging apps for sensitive conversations, alongside confusion about what encryption does and does not protect. According to the survey, 83 per cent of respondents said WhatsApp is used for sensitive discussions within their organisations, while 88 per cent said they were confident in the security of their current messaging apps.
That confidence contrasts with notable gaps in understanding. The survey found that 52 per cent of respondents incorrectly believed encryption protects metadata such as location data, IP addresses and communication patterns. Another 47 per cent believed it prevents impersonation, deepfake, or spoofing attacks, while 41 per cent assumed communications remain secure even after a device has been compromised.
Sovereignty Concerns
The survey also highlighted a gap between stated priorities and the communications systems in use. While 55 per cent of respondents said sovereign control was a priority, 98 per cent said they relied on foreign-hosted platforms not designed for confidential communications or high-security environments.
More than half said they were concerned telecom networks could be monitored or disrupted. BlackBerry linked that concern to espionage campaigns targeting network operators, including Salt Typhoon and UNC3886 in Singapore.
The report comes as authorities in the US, UK and Europe warn of state-backed attempts to target Signal and WhatsApp accounts used by public officials and journalists. BlackBerry said this reflects a shift in risk from the network itself to consumer messaging platforms that have become part of day-to-day operations.
Christine Gadsby, Chief Security Advisor at BlackBerry Secure Communications, said the issue extends beyond whether a messaging service uses encryption.
"Consumer messaging apps were never designed to handle sensitive communications, protect confidentiality, or meet the demands of high-security environments," Gadsby said. "They rely on phone numbers, not verified identities - and encryption protects the channel, not who is on it. That gap is already being exploited, as recent intelligence warnings show, and governments and critical infrastructure organizations are responding by moving toward communications infrastructure they own and trust."
Crisis Readiness
One of the clearest findings was the contrast between perceived readiness and the systems in use: 90 per cent said they were confident in handling a major incident, but fewer than half had a unified crisis communications platform.
The report argues that the central issue is not simply whether messages are encrypted in transit. It says architecture, data handling and operational control also shape exposure, particularly where platforms retain metadata, fall under foreign data-access laws or lack controls suited to highly sensitive or classified communications.
That raises a broader policy question for public-sector bodies and infrastructure operators that have adopted widely available consumer tools because they are familiar and easy to deploy. The survey suggests many security leaders remain confident in those tools even when they do not fully understand the limits of identity protection, metadata exposure or device compromise.
BlackBerry's sample covered security decision-makers across two sectors facing growing scrutiny over resilience, national security and operational continuity. In both, the balance between convenience and control has become more contentious as cyber espionage campaigns expand from infrastructure and networks to the applications used by staff and officials.