Fortinet Report Reveals Continued Rise in Data Loss Despite Smarter Data Security Practices and Record Cybersecurity Spending

Budgets Are Rising-So Why Is Data Still Slipping Away?

The 2025 Data Security Report from Fortinet and Cybersecurity Insiders shows that many security leaders are moving beyond a purely tech-driven mindset and adopting a more programmatic approach to protecting sensitive data. Budget trends are positive, with organizations reporting increased funding for insider risk and data protection last year, reflecting success in making the case for investment.

However, despite adopting smarter strategies and allocating stronger budgets, data loss continues to rise. Seventy-seven percent of organizations reported at least one insider-related incident in the past 18 months, and 58% reported six or more. The question is, why?

The gap is in the tools. While most organizations rely on some form of data loss prevention (DLP), many of these legacy solutions were built for simpler, perimeter-driven environments. Most lack visibility into how employees actually interact with data-especially in SaaS and generative AI tools-and they miss the context that separates accidents from actual risk.

In today's distributed, cloud-heavy enterprises, those limitations make traditional DLP tools poorly suited for the job.

Spending More, Securing Less. Why?

According to the report, 72% of organizations boosted their budgets to address insider risk and data protection last year, with more than a quarter reporting significant increases. Many also added tools and programmatic initiatives to close gaps. However, nearly half still suffered substantial financial losses, often in the millions of dollars per incident. So, despite these aggressive changes, the problem continues to worsen.

The issue isn't investment. It's reliance on tools that weren't built for today's risks.

Where Traditional DLP Falls Short

Traditional DLP tools were designed to prevent regulated data, such as Social Security numbers, credit card details, or medical records, from leaving the organization. They are largely perimeter-focused and compliance-driven, scanning structured data on-premises because external threats were primarily viewed as external to the organization.

Today's reality is different. Sensitive data, including intellectual property, is continually being created and shared across cloud services, SaaS platforms, and AI tools. Analysts move entire customer datasets into spreadsheets. Engineers share design files with contractors. Employees paste confidential data into AI assistants. All of this is normal-and increasingly critical to productivity-but each step carries risk.

Traditional DLP solutions fall short because they:

• Lack visibility: 72% of organizations can't see how employees interact with sensitive data.
• Miss the context behind data at risk: Nearly half of incidents are caused by negligence or error, not malice.
• Operate in silos: Endpoint, email, and network DLPs rarely work together.
• Take too long to deliver value: Three in four organizations wait weeks or months after deployment for meaningful insight.

The result is more alerts, less clarity, and a false sense of control.

The Shift to Behavior and Context

What today's security leaders need from their DLP tools is context. It's not enough to know that a file was sent. You need to know who sent it, why, and whether the action fits normal behavior. Without that clarity, security teams are left drowning in alerts that don't tell the whole story.

That's why security leaders say next-generation DLP solutions must include:

• Behavioral analytics (66%) to distinguish errors from malicious activity and flag abnormal behavior
• Day-one visibility (61%) so insights arrive immediately and inform smarter policy
• Shadow AI and SaaS oversight (52%) to close gaps where sensitive data often flows unnoticed

Modern DLP platforms must connect individual events into risk narratives, enabling teams to identify patterns, prioritize risks, and act with confidence. This marks a shift from static enforcement to behavior-aware visibility that shows what's happening and why it matters.

The Real Stakes

Data loss is a business risk, not just a compliance issue-it affects revenue, trust, and long-term viability.

Nearly half of organizations reported direct financial losses from insider-driven incidents. Forty-one percent estimated losses of $1-10 million for their most significant incident, and 9% reported losses above $10 million. Forty-three percent suffered reputational damage, while 39% experienced operational disruption. In sectors like biotech and manufacturing, a single leaked dataset or design file can wipe out years of investment and erase a competitive edge.

Many organizations still run a patchwork of tools-often anchored on legacy DLP-that doesn't fit today's complex environments and creates unnecessary complexity and workload for security teams.

The Way Forward

The report is clear: Though security teams are implementing smarter approaches and winning support and budget from executive leaders, organizations are still experiencing damaging insider risk incidents at an unacceptable rate. The likely culprit? An over-reliance on legacy data loss prevention solutions that haven't evolved with today's complex environments and data security needs.

Today's organizations need a platform that unifies DLP with insider risk management, delivering real-time, behavior-aware visibility across endpoints, SaaS, cloud, and AI. Fortinet integrates identity, access, and activity data through FortiDLP and the Fortinet Security Fabric to give teams the clarity they need to stop small mistakes from becoming costly breaches.

Programs will keep evolving, but real progress depends on choosing platforms that deliver answers-not just alerts.

Download the full 2025 Data Security Report here.