 |
The 2025 Data Security Report from Fortinet and Cybersecurity Insiders reveals that while 72 per cent of organisations raised their data security budgets last year, 41 per cent still suffered insider-related breaches that caused millions in losses. The findings highlight a shift among security leaders towards more programmatic strategies that go beyond technology alone, with funding for insider risk and data protection showing steady growth.
However, despite adopting smarter strategies and allocating stronger budgets, data loss continues to rise. Seventy-seven per cent of organisations reported at least one insider-related incident in the past 18 months, and 58 per cent reported six or more. The question is whether current approaches are truly addressing the root causes.
The shortfall lies in the tools. While most organisations rely on some form of data loss prevention (DLP), many of these legacy solutions were built for simpler, perimeter-driven environments. Most lack visibility into how employees actually interact with data – especially in SaaS and generative AI tools – and they miss the context that separates accidents from actual risk.
In today’s distributed, cloud-heavy enterprises, those limitations make traditional DLP tools poorly suited for the job.
According to the report, 72 per cent of organisations boosted their budgets to address insider risk and data protection last year, with more than a quarter reporting significant increases. Many also added tools and programmatic initiatives to close gaps. However, nearly half still suffered substantial financial losses, often in the millions of dollars per incident. So, despite these aggressive changes, the problem continues to worsen.
The issue isn’t investment. It’s reliance on tools that weren’t built for today’s risks.
Traditional DLP tools were designed to prevent regulated data, such as social security numbers, credit card details, or medical records, from leaving the organisation. They are largely perimeter-focused and compliance-driven, scanning structured data on-premises because external threats were primarily viewed as external to the organisation.
Today’s reality is different. Sensitive data, including intellectual property, is continually being created and shared across cloud services, SaaS platforms, and AI tools. Analysts move entire customer datasets into spreadsheets. Engineers share design files with contractors. Employees paste confidential data into AI assistants. All of this is normal – and increasingly critical to productivity – but each step carries risk.
Traditional DLP solutions fall short because they:
• Lack visibility: 72 per cent of organisations can’t see how employees interact with sensitive data.
• Miss the context behind data at risk: Nearly half of incidents are caused by negligence or error, not malice.
• Operate in silos: Endpoint, email, and network DLPs rarely work together.
• Take too long to deliver value: Three in four organisations wait weeks or months after deployment for meaningful insight.
The result is more alerts, less clarity, and a false sense of control.
What today’s security leaders need from their DLP tools is context. It’s not enough to know that a file was sent. You need to know who sent it, why, and whether the action fits normal behaviour. Without that clarity, security teams are left drowning in alerts that don’t tell the whole story.
That’s why security leaders say next-generation DLP solutions must include:
• Behavioural analytics (66 per cent) to distinguish errors from malicious activity and flag abnormal behaviour
• Day-one visibility (61 per cent) so insights arrive immediately and inform smarter policy
• Shadow AI and SaaS oversight (52 per cent) to close gaps where sensitive data often flows unnoticed
Modern DLP platforms must connect individual events into risk narratives, enabling teams to identify patterns, prioritise risks, and act with confidence. This marks a shift from static enforcement to behaviour-aware visibility that shows what’s happening and why it matters.
Data loss is a business risk, not just a compliance issue – it affects revenue, trust, and long-term viability.
Nearly half of organisations reported direct financial losses from insider-driven incidents. Forty-one per cent estimated losses of $1–10 million for their most significant incident, and 9 per cent reported losses above $10 million. Forty-three per cent suffered reputational damage, while 39 per cent experienced operational disruption. In sectors like biotech and manufacturing, a single leaked dataset or design file can wipe out years of investment and erase a competitive edge.
Many organisations still run a patchwork of tools – often anchored on legacy DLP – that doesn’t fit today’s complex environments and creates unnecessary complexity and workload for security teams.
The report is clear: Though security teams are implementing smarter approaches and winning support and budget from executive leaders, organisations are still experiencing damaging insider risk incidents at an unacceptable rate. The likely culprit? An over-reliance on legacy data loss prevention solutions that haven’t evolved with today’s complex environments and data security needs.
Today’s organisations need a platform that unifies DLP with insider risk management, delivering real-time, behaviour-aware visibility across endpoints, SaaS, cloud, and AI. Fortinet integrates identity, access, and activity data through FortiDLP and the Fortinet Security Fabric to give teams the clarity they need to stop small mistakes from becoming costly breaches.
Programmes will keep evolving, but real progress depends on choosing platforms that deliver answers – not just alerts.
 |
Fortinet threat report reveals record surge in automated cyberattacks
Threat actors are increasingly harnessing automation, commoditised tools, and AI to systematically erode the traditional advantages held by defenders, according to Fortinet’s latest report. |
 |
Detection gaps widen as AI-fuelled attacks reshape cybersecurity in the region
Fortinet, the global cybersecurity leader driving the convergence of networking and security, on June 3 announced the findings of a new IDC survey that reveals a sharp escalation in both the volume and sophistication of cyber threats across Asia-Pacific. |
 |
Fortinet advances quantum-safe security
Fortinet has announced innovations within its unified operating system, FortiOS, that protect against quantum-computing threats to current encryption standards. |
