Confidence
isn't control
208 security leaders across the UK, France, and Germany on the gap between stated collaboration security and operational practice.
From shadow IT to external collaboration, access lifecycle to data residency — what the data says about how sensitive work actually moves through European enterprises.
Most teams trust their collaboration tools. The data doesn't.
Across 208 security leaders we surveyed, the same patterns kept showing up: consumer messengers sitting inside the official stack, external collaboration running on internal tools, access that stays live for months after projects end, and email still doing the heaviest lifting for sensitive workflows.
Each pattern is defensible on its own. Together — under NIS2 and DORA — the gap between policy and practice is exactly what's being audited.
48%
still share sensitive information through tools that weren't built for it — even though 84% rate their collaboration secure.
Both can't be true.
81%
say more than a quarter of sensitive collaboration involves people outside the organisation.
The boundary that should exist doesn't.
61%
say access to shared files stays active longer than intended.
The audit nobody's run yet.
Filter the data yourself
Filter by country and company size to see how the patterns shift. Switch between the four focus areas — Tools in use, Shadow IT, External risk, and Sovereignty — to explore each finding in depth.
See the full benchmark
The full benchmark covers: – Country deep-dives for UK, France, and Germany – Cross-cuts by industry and organisation size – Full methodology and question wording – 24-page PDF.
Download the full report
Click here
Access underlying data
Click here
Get breakdown by country
Click here
.png)
Most organizations trust their tools. The data tells a more complicated story.
High confidence in collaboration security does not always translate into control over sensitive information. The report shows where that gap appears — and why it matters.
Sensitive work does not stop at the company boundary.
Partners, suppliers, customers, and contractors are now part of everyday collaboration. But external sharing often depends on email, links, and messaging apps rather than controlled secure environments.


The real question is not only who received the file. It is who still has access.
Access that remains active too long, files shared outside governed workflows, and disconnected communication/file systems all create control gaps.
What secure collaboration experts are watching in 2026
Three perspectives on what the data means for security teams now.
Wire's 2026 report exposes one of the most dangerous blind spots in modern enterprise security: the illusion of control. Organizations feel protected by internal policies, yet sensitive data regularly moves through ungoverned external workflows and consumer messaging apps. The widespread use of shadow IT is rarely a malicious choice — it is a signal that sanctioned tools are creating too much friction. To close this gap under frameworks like NIS2 and DORA, leaders must ensure that the secure path is also the most intuitive one, for internal teams and external partners alike.
This research shows that collaboration security is no longer decided at the tool level — it is decided by whether organizations can bring secure messaging, external collaboration, and regulatory requirements together as a single discipline. Organizations that continue to treat these three dimensions separately will not close the gap between perceived security and operational reality.
Methodology
The Wire CISO Collaboration Benchmark 2026 is based on a quantitative survey of 208 security leaders across the United Kingdom (n=62), France (n=64), and Germany (n=82), conducted in May 2026. Respondents hold security responsibility either as their primary role (73%) or as part of a broader brief (27%). Industries represented include financial services, technology, public sector, critical national infrastructure, healthcare, and defence. Organisation sizes range from under 50 employees to 5,000+, with mid-market and large enterprise (250–4,999 employees) making up 60% of the base.
All findings in this report reflect the survey base. Country and segment cross-cuts are reported where the sample size supports them (n≥40); smaller sub-segments are presented as parallel cuts rather than intersections.