Zombie IT assets are company-owned devices sitting in former employees' homes, untracked, unrecovered, and often loaded with sensitive company data. According to Gartner, 30% of IT assets in the average organization are ghost assets with no clear owner or location. Capterra's 2022 research found that departing employees walk away with an average of $1,963 in equipment, and 71% don't return it on time. For a 500-person company with normal turnover, that's easily $150,000 in unreturned company laptops right now.
If that number surprises you, you're not alone. Most IT teams don't realize how bad the zombie IT problem is until they run a proper audit. At Rayda, we help companies retrieve, wipe, and redeploy devices across 170+ countries, and we see this pattern constantly. Talk to us if you want help recovering lost devices, or read on for a full breakdown of what zombie IT assets cost, why they pile up, and the five-step audit to find yours.
This post covers what zombie IT assets are, the real financial and security costs, and exactly how to audit and recover untracked company devices before they become a bigger problem.
What Are Zombie IT Assets and Why Should Your Company Care?
Zombie IT assets are company-owned devices, typically laptops, phones, tablets, or accessories, that have left your office or direct control and never came back. They sit in former employees' spare rooms, junk drawers, or closets, still powered off, still holding company data, and still costing you money on software licenses and MDM seats. Unlike officially decommissioned hardware, zombie assets haven't been wiped, documented, or accounted for. They're just gone.
The term "ghost IT assets" is sometimes used interchangeably, but there's a meaningful difference. A ghost asset can be a device that's still on your books but physically lost anywhere inside your company, think a laptop that's been sitting in a locked cabinet since 2021. A zombie IT asset is specifically one that walked out the door with a person who no longer works for you. It's undead: technically yours, but functionally beyond your reach.
This matters because it's not just a hardware problem. Every untracked device is a potential data exposure event, a compliance gap, and a line item you're paying for but not using. The NIST guidelines on media sanitization make clear that organizations are responsible for data on devices they own, regardless of where those devices physically are. "We can't find it" is not a compliant answer.
The zombie IT problem has gotten worse with remote work. When everyone was in the same office, returning a laptop on your last day was a natural, enforced step. Now, with device tracking for remote employees often patchy and offboarding happening over Zoom, the friction of returning equipment has multiplied, and so has the pile of unreturned company laptops.
How Many Untracked Devices Are Sitting in Former Employees' Homes?
The honest answer: more than most IT managers expect. Gartner's research puts 30% of IT assets in the average organization in the "ghost asset" category, meaning no verified owner, no confirmed location, or both. Capterra's 2022 survey found that 71% of departing employees do not return equipment on time, and the average value of unreturned gear is $1,963 per person.
Run that math on your own company. Take your headcount, apply a realistic annual turnover rate (the US average is around 13% per year, per the Bureau of Labor Statistics), and calculate how many people have left in the past two to three years. Not all of them took devices. But a meaningful percentage did.
For a 200-person company with 13% annual turnover, that's about 26 leavers per year. Over three years, 78 people. If even half failed to return equipment, you're looking at 39 devices, worth roughly $76,500 at Capterra's average. For a 500-person company, the math tips past $150,000 quickly.
These numbers assume average device values. If your team is using MacBook Pros or high-spec engineering laptops, the per-device figure is higher. If you're also counting monitors, docking stations, and peripherals, it climbs further.
The problem compounds because many companies don't realize devices are missing until they try to do a physical audit, and by then the window for easy recovery has closed. The longer a device sits unrecovered, the harder retrieval becomes. Former employees move, change contact details, or simply stop responding. This is why device tracking for remote employees needs to be a live, ongoing process, not something you do once a year in a spreadsheet.
If your current tracking setup runs on spreadsheets, you're already behind. Here's why spreadsheets break down for device tracking at scale and what to use instead.
What Are the Five Biggest Risks of Zombie IT Assets?
Untracked company devices create five distinct categories of risk, each with real financial consequences.
1. Data breach exposure
A former employee's laptop almost certainly contains email history, files, credentials, and cached logins. If that device is lost, sold, or accessed by someone else, you have a breach on your hands. IBM's 2024 Cost of a Data Breach report puts the average breach cost at $4.88 million. Unreturned company laptops are a common and preventable entry point.
2. Compliance failure
Regulations like GDPR, HIPAA, and SOC 2 require you to know where company data lives and to ensure it's properly destroyed when devices are decommissioned. A laptop sitting in a former employee's attic, unwiped and unaccounted for, is a compliance violation waiting to be discovered during an audit.
According to CISA's guidance on data handling, organizations must maintain documented evidence of data disposal. "Lost in offboarding" doesn't satisfy that requirement.
3. Wasted software spend
Every zombie IT asset sitting unused probably still has active licenses attached to it. Microsoft 365, Slack, endpoint security software, MDM platform seats. You're paying per device or per user, and a ghost device with an active license is pure waste. Multiply that across 30 or 50 devices and the annual software bill adds up fast.
4. Redeployment gaps
When you hire a new person and need a device fast, the answer should sometimes be "we already have one." But if your inventory is full of ghost IT assets that are unaccounted for, you end up buying new hardware while perfectly usable devices sit unused. That's a direct cost, and it also slows down onboarding. A new hire waiting for a laptop on day one is a problem you can partly solve by recovering what you already own.
5. Physical asset loss
Devices depreciate. A laptop that isn't recovered within 12 to 18 months of an employee leaving is increasingly unlikely to ever come back in usable condition. At that point, the residual value is gone. You've absorbed the full cost of a device you can't use, can't redeploy, and can't write off properly.
How Much Do Zombie IT Assets Cost Your Company Per Year?
The cost of zombie IT assets breaks into three buckets: hardware loss, software waste, and breach risk. Here's how it stacks up across fleet sizes.
| Risk Category | Cost Per Device | At 50 Zombie Devices | At 200 Zombie Devices |
|---|---|---|---|
| Hardware loss (device value) | $1,963 avg | $98,150 | $392,600 |
| Wasted software licenses | ~$400/yr | $20,000/yr | $80,000/yr |
| MDM/endpoint seat waste | ~$120/yr | $6,000/yr | $24,000/yr |
| Compliance audit exposure | Variable | Significant | High |
| Data breach risk (IBM avg) | $4.88M per event | One breach = crisis | One breach = crisis |
Software license waste is often the most invisible cost. A $35/month Microsoft 365 Business Premium seat costs $420 per year per device. If your MDM platform charges $10/month per device, that's another $120. Across 50 ghost IT assets, you're burning $27,000 per year in licenses alone on devices that are doing nothing for your business.
The breach risk is harder to quantify on a per-device basis, but the direction is clear. An unwiped, untracked laptop in an unknown location is one of the highest-probability breach vectors you have. The NIST SP 800-88 framework exists precisely because data on retired devices is a well-documented attack surface.
Understanding the true cost of equipping remote employees globally means accounting for retrieval failures, not just procurement costs. Zombie assets are the hidden tax on a device program that looks fine on paper.
How Do You Run a Zombie IT Asset Audit in 5 Steps?
A zombie IT asset audit takes most IT teams two to three weeks to complete from scratch. The five steps below are ordered by priority. Start with the data you have, then fill in gaps systematically.
| Step | Action | Tool/Method | Output |
|---|---|---|---|
| 1. Pull your full asset register | Export every device your company has ever purchased or assigned | ITSM, MDM, or procurement records | Master device list with serial numbers |
| 2. Cross-reference against active employees | Match devices to current headcount | HRIS export + MDM enrollment data | List of devices assigned to former employees |
| 3. Check MDM last-seen dates | Identify devices that haven't phoned home in 90+ days | Jamf, Intune, Mosyle, or your MDM platform | Shortlist of likely zombie IT assets |
| 4. Attempt contact and recovery | Email, then escalate through HR or legal if needed | Offboarding checklist, recovery vendor | Devices returned or formally written off |
| 5. Wipe and redeploy or dispose | Every recovered device must be wiped before reuse | MDM remote wipe or certified physical wipe | Clean inventory additions or compliant disposal |
Step 1: Pull your full asset register. This sounds obvious, but many companies have devices spread across three systems: a procurement spreadsheet, an MDM platform, and an ITSM tool that nobody's kept current. Reconcile all three before you do anything else. If your asset register lives only in spreadsheets, that's a systemic problem worth fixing. Here's a practical guide to moving away from spreadsheets for device tracking.
Step 2: Cross-reference against current headcount. Pull an export from your HRIS of everyone who has left in the past two to three years. Match those names against device assignments in your asset register. Every device assigned to a former employee and not checked back in is a potential zombie IT asset. Flag all of them.
Step 3: Check MDM last-seen dates. Your MDM platform (Jamf, Microsoft Intune, Mosyle, and similar tools) logs the last time each enrolled device connected to the network. A device that hasn't phoned home in 90 days and is assigned to someone who left six months ago is almost certainly a zombie. Sort by last-seen date and build your priority recovery list from the most recently active devices first, since those are most likely to still be reachable.
Step 4: Attempt contact and recovery. For devices in lower-risk categories, a polite email to the former employee's personal address (if you have it) often works. For high-value or compliance-sensitive devices, escalate faster. Have HR and legal involved in the communication if needed. Critically, include a specific deadline and explain clearly what happens if the device isn't returned. If you're dealing with devices in other countries, a retrieval service that does local physical pickups is far more effective than sending a prepaid shipping label that never gets used. For a practical guide to this process, here's how to retrieve company laptops from remote employees who've left.
Step 5: Wipe and redeploy or dispose. Every device that comes back needs to be treated as potentially compromised. Run a certified remote wipe via MDM before the device reconnects to any network. For devices returning physically, a manual wipe following NIST SP 800-88 guidelines is appropriate. Once clean, assess whether the device is worth redeploying (typically yes for hardware under three years old) or whether it goes to certified e-waste disposal. Either way, close the loop in your asset register.
How Do You Prevent Zombie IT Assets From Accumulating in the Future?
Prevention is the long-term fix. The audit above recovers what you've already lost. This section stops the same problem from rebuilding over the next 12 to 24 months.
The root cause of zombie IT assets is almost always a weak offboarding process, specifically one where device return isn't enforced before access is cut and final pay is released. If returning a laptop is optional-feeling, a meaningful percentage of people won't do it. Make it structural.
Tie device return to offboarding completion. Work with HR and payroll to include device return confirmation as a required step before final paycheck processing (within legal limits in your jurisdiction). This single change eliminates a large portion of unreturned company laptops. It's not punitive. It's just the same logic as collecting a physical office key.
Use MDM-based device tracking for remote employees as a permanent practice, not just during offboarding. You should know where every device is, when it last checked in, and who it's assigned to at any given moment. If a device goes dark for 30 days, that should trigger an alert, not a surprise during an annual audit. Understanding device lifecycle management end-to-end is the foundation for making this systematic.
Pre-schedule retrieval at hire time. This sounds counterintuitive, but it works. When you provision a device for a new hire, simultaneously create a retrieval record in your system with a target date two to three years out (matching your device refresh cycle). When that employee offboards, the retrieval process is already mapped. Nothing has to be improvised.
Don't rely on prepaid shipping labels for remote employees. This is a common failure mode. IT sends a label, the employee means to ship it back, and the box sits in their hallway for six months. For remote employees, especially those in other cities or countries, a service that does local physical pickup consistently outperforms any self-return approach. At the scale of 50 or more remote employees, this is worth the per-retrieval cost.
Conduct a mini-audit every quarter, not once a year. A quarterly MDM sweep for devices that haven't checked in recently, cross-referenced against your current employee list, takes about an hour and catches ghost IT assets before they become deeply buried. A quarterly cadence also means the contact details for recent leavers are still current, and the chance of recovery is much higher.
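The cross-reference behind both the audit (Steps 1 to 3) and this quarterly sweep can be scripted. The sketch below is an added example, not Rayda's tooling or any MDM vendor's API; the CSV column names, serial numbers, and employee IDs are constructed assumptions standing in for your own asset register, HRIS, and MDM exports.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names are assumptions, not a vendor schema.
ASSETS = """serial,assigned_to,checked_in
C02ABC111,e101,no
c02abc222 ,e102,no
C02ABC333,e103,yes
C02ABC444,e104,no
C02ABC555,e105,no
"""
HRIS = """employee_id,status,termination_date
e101,terminated,2024-01-15
e102,terminated,2023-06-30
e103,terminated,2024-02-01
e104,active,
e105,terminated,2023-11-20
"""
MDM = """serial,last_seen
C02ABC111,2024-03-01
C02ABC222,2023-07-04
C02ABC333,2024-02-01
C02ABC444,2024-04-20
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _norm(serial):
    # Serials are often typed differently across systems; compare normalized.
    return serial.strip().upper()

def find_zombies(assets, hris, mdm, today, stale_days=90):
    """Return unreturned devices of leavers that have been silent >= stale_days."""
    left = {r["employee_id"]: date.fromisoformat(r["termination_date"])
            for r in _rows(hris) if r["status"] == "terminated"}
    seen = {_norm(r["serial"]): date.fromisoformat(r["last_seen"]) for r in _rows(mdm)}
    hits = []
    for a in _rows(assets):
        if a["assigned_to"] not in left or a["checked_in"].strip().lower() == "yes":
            continue  # still employed, or device already back in inventory
        serial = _norm(a["serial"])
        last = seen.get(serial)  # None: never enrolled in MDM, location unknown
        if last is None or (today - last).days >= stale_days:
            hits.append({"serial": serial, "owner": a["assigned_to"],
                         "left_on": left[a["assigned_to"]], "last_seen": last})
    # Most recently active first; never-enrolled devices go last.
    hits.sort(key=lambda h: h["last_seen"] or date.min, reverse=True)
    return hits

if __name__ == "__main__":
    for h in find_zombies(ASSETS, HRIS, MDM, today=date(2024, 6, 1)):
        print(h)
```

Passing `stale_days=30` gives the 30-day go-dark check described above, and `stale_days=0` lists every unreturned leaver device, which is the Step 2 output before the last-seen filter is applied.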
If you're managing devices across multiple countries, preventing zombie IT assets also means having country-appropriate retrieval methods in place before they're needed. Shipping a prepaid label to a former employee in Nairobi or Jakarta is unlikely to result in a returned laptop. Local pickup networks are the practical alternative.
FAQ
What are zombie IT assets?
Zombie IT assets are company-owned devices, most commonly laptops, phones, and tablets, that are no longer in active use but haven't been formally recovered, wiped, or decommissioned. They typically end up in former employees' homes after offboarding. Unlike properly retired devices, zombie assets are untracked, often still holding company data, and frequently still accruing software license costs.
How many company devices go untracked on average?
Gartner estimates that 30% of IT assets in the average organization are ghost assets with no verified owner or location. Capterra's 2022 research found that 71% of departing employees do not return equipment on time. For a company with 200 employees and normal annual turnover, this can translate to dozens of untracked devices within a two-to-three-year window.
What is the security risk of unreturned company laptops?
An unreturned company laptop typically contains email history, cached credentials, locally stored files, and application data. If that device is lost, sold, or accessed by someone unauthorized, it becomes a data breach. IBM's 2024 Cost of a Data Breach report puts the average breach cost at $4.88 million. Regulatory frameworks including GDPR and HIPAA also require documented evidence of data destruction on decommissioned devices, which unrecovered hardware cannot satisfy.
How do I find untracked devices in my organization?
Start with your MDM platform and filter for devices that haven't checked in for 90 or more days. Cross-reference those devices against your HRIS export of employees who have left. Any device assigned to a former employee that isn't checked back into your inventory is a candidate zombie IT asset. From there, prioritize outreach based on device value, data sensitivity, and how recently the employee departed.
What is the best way to retrieve company devices from former employees?
A direct, deadline-based communication from HR or IT, combined with a practical return method, works best. Prepaid shipping labels work poorly for remote employees, especially international ones. Local physical pickup services, where someone collects the device directly from the former employee's address, have significantly higher recovery rates. For international cases, a retrieval partner with local presence in the relevant country removes the main logistical barrier.
How do I prevent zombie IT assets from accumulating?
Tie device return to a required step in your formal offboarding process, ideally before final pay is confirmed. Use MDM-based device tracking for remote employees as an ongoing live practice, with alerts for devices that go dark. Run a quarterly MDM sweep to catch untracked devices early. Pre-schedule retrievals at the time of device deployment, and for remote or international employees, use a retrieval service that can do local pickups rather than relying on the employee to ship the device back.
If your company has gone through any meaningful growth or turnover in the past two years, there's a strong chance you have zombie IT assets sitting unaccounted for right now. Rayda's automated retrieval network covers 170+ countries. When an employee offboards, we pick up the device, wipe it, and return it to your inventory or redeploy it elsewhere in your fleet. We also help you build the systems that stop the zombie pile from growing back. Book a demo to find out how many untracked devices are in your fleet and what it would take to recover them.