
Insider-driven risk takes toll on enterprise security

By Admire Moyo, ITWeb news editor
Johannesburg, 02 Dec 2025
Security leaders are recognising that modern data security requires more than enforcement, says Fortinet.

Insider-driven risk has become one of the most urgent and complex challenges in enterprise security.

This is one of the key findings of the 2025 Report conducted by cyber security solutions provider Fortinet.

The study is based on a 2025 survey of 883 IT and cyber security professionals and explores the current state of enterprise data protection, where legacy data loss prevention (DLP) tools are falling short, and the capabilities security leaders are prioritising as they modernise their data protection programmes.

The findings show that sensitive data exposure remains a persistent challenge for organisations. In the past 18 months, 77% experienced insider-related data loss, with 58% reporting six or more incidents – often the result of routine user behaviour rather than malicious intent.

According to the report, most cases stemmed from negligence, with 49% of organisations citing careless employees as the cause, compared to 16% involving confirmed malicious activity. A further 12% were unable to determine the cause, while 20% reported no incidents at all.

Fortinet notes that the business impact of these breaches is significant, as 45% of respondents reported financial or revenue losses, and 41% estimated damages of between $1 million and $10 million for their most serious incident, with only 8% describing the impact as negligible.

It points out that visibility into how users interact with sensitive data remains a major gap, as 72% of organisations cannot track data usage across endpoints, cloud services and software-as-a-service (SaaS) platforms.

In response, it adds, security leaders are increasingly prioritising behavioural context and real-time insight, with demand rising for capabilities such as real-time behavioural analytics (66%), immediate data visibility from day one (61%), and better control over shadow AI and SaaS tools (52%).

As a result, Fortinet says forward-looking organisations are shifting towards integrated, behaviour-driven platforms that provide unified visibility, adapt to risks in real time, and offer deeper insight rather than relying solely on enforcement.

The report explores this transition, highlighting the practices, capabilities and priorities shaping the future of enterprise data protection.

“As data flows increasingly through users, cloud applications, artificial intelligence tools and hybrid work environments, traditional perimeter-based, content-only DLP tools can’t keep up,” says Fortinet.

“These legacy systems were built to block outflows – not to understand the nuanced behaviours and contexts that expose sensitive data in modern workflows.

“Security leaders are recognising that modern data security requires more than enforcement – it demands visibility into the data, the activities and the people putting that data at risk. Yet most organisations are still relying on traditional DLP tools that weren’t designed for today’s decentralised environments, unstructured data flows, or user-driven cloud and AI usage.”
