Gen AI Adoption, Data Growth And insider Risks Creating Unprecedented Data Security Challenges

Proofpoint has released its second annual Data Security Landscape report, revealing that organizations continue to face widespread data loss as they struggle to protect sensitive information amid explosive data growth, AI adoption, and the emergence of AI agents in the workplace. The report, based on insights from 1,000 security professionals across 10 countries, as well as Proofpoint platform data, reveals how the rapid adoption of AI-driven productivity tools and autonomous agents that handle sensitive data is compounding risk for organizations. Many lack the visibility and controls to govern this emerging “agentic workspace,” where humans and AI systems now work side by side. Meanwhile, surging data volumes are putting even greater strain on already stretched security teams. “We’ve entered a new era of data security where insider threats, relentless data growth, and AI-driven change are testing the limits of traditional defenses,” said Ryan Kalember, chief strategy officer, Proofpoint. “Fragmented tools and limited visibility leave organizations exposed. The future of data protection depends on unified, AI-powered solutions that understand content and context, adapt in real time, and secure information across both human and agent activity.” Key global findings include: A call for unified, AI-driven data security programs: Security leaders are increasingly looking to holistic data security and insider risk solutions to reduce security risk and simplify operations. Two-thirds of organizations (65%) have already deployed AI-enhanced data security capabilities to classify data. Half of respondents see the greatest benefit of a unified data security solution as enabling the safe and productive use of AI, while 55% believe it will reduce data loss risk. People continue to drive most data loss incidents: Nearly six in ten (58%) organizations attribute their most significant data loss events to careless employees or third-party contractors, while 42% cite compromised users and 32% point to malicious insiders. Proofpoint telemetry underscores an imbalance: just 1% of users are responsible for 76% of data loss events, emphasizing the importance of behavior-aware, adaptive security strategies. Data loss frequency also remains alarmingly high: respondents reported an average of 11 incidents per year, with some organizations experiencing multiple incidents each month. These incidents can take weeks to resolve, leaving sensitive information exposed and security teams overburdened. Data growth and sprawl exacerbate the challenge: Enterprise data volumes are soaring, stretching visibility and control to the limit. Over a quarter (29%) of organizations saw their data grow 30% or more over the past year. Among enterprises with over 10,000 employees, 41% manage more than a petabyte of data. This unchecked expansion carries serious implications: 46% cite cloud and SaaS data sprawl as a top challenge, and 31% say redundant or obsolete data poses significant risk. Proofpoint platform data reinforces this, showing that 27% of cloud storage is abandoned—unused data that inflates costs and widens the attack surface. The rise of the agentic workspace and new data risks: As organizations rapidly deploy AI across enterprise workflows, it is emerging as a new class of insider risk rivaling human error. Two in five organizations cite data loss via public or enterprise GenAI tools as a top concern, while over a third worry about sensitive data being used in AI training. AI agents—often operating as highly privileged superusers—introduce further risk, with 32% of organizations flagging unsupervised data access by agents as a critical threat. Oversight gaps amplify these risks: 44% of organizations lack sufficient visibility and controls over GenAI tools. Security teams are under strain amid fragmented toolsets: Fragmented security architectures continue to hinder visibility, response, and remediation efforts. More than one in five organizations (21%) report that resolving a data loss incident can take between one and four weeks. With 64% relying on six or more data security vendors, the resulting tool sprawl increases complexity and drains already overextended security teams.