The 2025 Data Security Report from Fortinet and Cybersecurity Insiders reveals that despite adopting smarter strategies and increasing budgets, data loss incidents continue to rise. While most organizations rely on some form of data loss prevention (DLP), many lack visibility into how employees interact with data—particularly across SaaS and generative AI tools—and often miss the contextual signals that distinguish accidents from genuine risks.

The report indicates that many existing DLP tools may be limiting organizations’ ability to address modern data security challenges. Insider-driven risk has emerged as one of the most pressing and complex issues in enterprise security. As data increasingly flows through users, cloud applications, AI tools, and hybrid environments, traditional perimeter-based and content-only DLP systems are struggling to keep pace.

Key findings from the report include:

• Persistent exposure of sensitive data: 77% of organizations experienced insider-related data loss in the past 18 months, and 58% reported six or more incidents—many stemming from routine user activity rather than malicious actions.
• Most incidents are unintentional: 49% of organizations faced data loss due to employee negligence, while only 16% involved confirmed malicious intent. Another 12% could not determine the cause, and 20% reported no incidents.
• Significant business impact: 45% of respondents reported financial or revenue losses, and 41% estimated damages between $1 million and $10 million for their most serious incident in the past 18 months. Only 8% said the impact was negligible.
• Limited visibility into data use: 72% of organizations said they lack visibility into how users interact with sensitive data across endpoints, cloud services, or SaaS platforms.
• Focus on behavioral context and visibility: The top capabilities sought in next-generation solutions include real-time behavioral analytics (66%), day-one data visibility (61%), and control over shadow AI and SaaS tools (52%).

Best Practices for Modern Data Loss Prevention

To address current data protection challenges, organizations need to move beyond static, policy-heavy DLP models and adopt approaches built on real-time visibility, behavioral context, and unified control across endpoints, cloud, SaaS, and AI environments. The report highlights the following best practices:

• Start with day-one visibility: 75% of organizations wait weeks or months to gain insights from DLP tools, leaving critical blind spots during rollout. Modern systems should provide immediate telemetry across cloud apps, endpoints, and AI tools without requiring extensive policy configuration.
• Monitor behavior, not just violations: 66% of leaders prioritize behavioral analytics, yet few can identify which users pose data risks. DLP approaches should move beyond rule-based detection to identify deviations from normal usage patterns.
• Correlate identity, access, and activity: Static rules alone cannot determine intent. Linking user identity, data access patterns, and contextual risk signals can help distinguish between routine and high-risk behavior, reducing false positives.
• Protect data throughout its lifecycle: Email is no longer the main data exit point. Only 12% of organizations feel prepared for AI-related data exposure, and many lack coverage for personal cloud use, SaaS applications, or unmanaged endpoints. DLP solutions should follow data across all channels, not just at the perimeter.
• Use AI to improve analysis: Artificial intelligence can enhance prioritization, triage, and root-cause investigation by sequencing user behavior, detecting anomalies, and highlighting meaningful risks rather than generating additional alerts.

“Data security is no longer just about deploying tools to identify and prevent the outflow of sensitive information. It now requires a deep understanding of how sensitive data is created, stored, accessed, and used—and how users may, intentionally or unintentionally, put it at risk,” the report notes. “Next-generation data protection strategies are moving beyond static controls toward integrated, behavior-aware approaches that unify DLP and insider risk management, providing real-time visibility across endpoints, SaaS, cloud, and AI environments.” – Vivek Srivastava, Country Manager, India & SAARC, at Fortinet.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!