The 2025 Data Security Report from Fortinet and Cybersecurity Insiders shows despite adopting smarter strategies and allocating stronger budgets, data loss continues to rise. While most organizations rely on some form of data loss prevention (DLP), many lack visibility into how employees actually interact with data, especially in SaaS and generative AI tools, and miss the context that separates accidents from actual risk.
The findings suggest that many existing Data Loss Prevention (DLP) tools may now be limiting organizations’ ability to adapt to today’s data security challenges. Insider-driven risk has become one of the most urgent and complex challenges in enterprise security. As data flows increasingly through users, cloud applications, AI tools, and hybrid work environments, traditional perimeter-based, content-only DLP tools can no longer keep up. Key findings from the report include:
- Sensitive data exposure is persistent: 77% of organizations experienced insider-related data loss in the past 18 months, and 58% reported six or more incidents – many stemming from routine user activity rather than malicious intent.
- Most incidents are unintentional, not malicious: 49% of organizations experienced a data loss incident caused by negligent employees versus only 16% involved confirmed malicious intent. Another 12% could not determine the cause, and 20% did not experience a data loss incident.
- The business impact is material: 45% reported financial or revenue loss, and 41% estimated damages between $1 million and $10 million for their most significant incident over the past 18 months. Only 8% said the impact was negligible.
- Visibility into data use remains a major blind spot: 72% of organizations say they can’t see how users interact with sensitive data across endpoints, cloud services, or SaaS platforms.
- Security leaders are prioritizing behavioral context and real-time visibility: The top capabilities sought in next-gen solutions are real-time behavioral analytics (66%), day one data visibility (61%), and control over shadow AI and SaaS tools (52%).Best Practices for Modern Data Loss PreventionTo meet today’s data protection challenges, organizations must move beyond static, policy-heavy DLP and adopt a modern approach, one built on real-time visibility, behavioral context, and unified control across endpoints, cloud, SaaS, and AI tools. The following best practices reflect that shift and provide a practical blueprint for implementing next-generation DLP:
- Start with Day-One Visibility: 75% of organizations wait weeks or months to gain insight from DLP tools. That delay creates a critical blind spot during rollout. Modern solutions must provide immediate telemetry across cloud apps, endpoints, and AI tools – without requiring complex policy setup first.
- Monitor Behaviour, Not Just Violations: 66% of leaders prioritize behavioral analytics, yet few can identify which users are putting data at risk. DLP must move beyond rule-breaking to detect deviations from normal usage patterns, including frequency, timing, and method of access.
- Correlate Identity, Access, and Activity: Static rules can’t assess intent. By linking user identity, data access patterns, and contextual risk signals, organizations can distinguish between routine activity and high-risk behavior, enabling a more precise response and fewer false positives.
- Protect The Entire Data Journey Across Channels: Email is no longer the primary data exit path. Only 12% feel prepared for AI exposure and many lack coverage for personal cloud, SaaS apps, or unmanaged endpoints. Modern DLP must follow the data wherever it flows—not stop at the perimeter.
- Use AI to Cut Through the Noise: AI shouldn’t just generate more alerts but enhance prioritization, triage, and root-cause investigation. The most effective platforms use AI to sequence user behavior, detect anomalies, and spotlight what actually matters.
“Data security is no longer just about deploying tools to identify and prevent the outflow of sensitive information. It now requires a deep understanding of how sensitive data is created, stored, accessed, used, and how users may, intentionally or unintentionally, put it at risk. This is why next-generation data protection strategies are moving beyond static controls towards a platform that unifies DLP with insider risk management, delivering real-time, behavior-aware visibility across endpoints, SaaS, cloud, and AI. Fortinet integrates identity, access, and activity data through FortiDLP and the Fortinet Security Fabric to give teams the clarity they need to stop small mistakes from becoming costly breaches.”
- Vivek Srivastava, Country Manager, India & SAARC, at Fortinet
