The 2025 Data Security Report from Fortinet and Cybersecurity Insiders showed that although organisations are adopting smarter strategies and allocating stronger budgets, data loss continues to rise. While most organisations rely on some form of data loss prevention (DLP), many lack visibility into how employees actually interact with data, especially in software as a service (SaaS) and generative artificial intelligence (GenAI) tools, and miss the context that separates accidents from actual risk.

The findings suggest that many existing DLP tools may now be limiting organisations’ ability to adapt to today’s data security challenges. Insider-driven risk has become one of the most urgent and complex challenges in enterprise security. As data flows increasingly through users, cloud applications, AI tools, and hybrid work environments, traditional perimeter-based, content-only DLP tools can no longer keep up. Key findings from the report include:

  • Sensitive data exposure is persistent: 77 per cent of organisations experienced insider-related data loss in the past 18 months, and 58 per cent reported six or more incidents – many stemming from routine user activity rather than malicious intent.
  • Most incidents are unintentional, not malicious: 49 per cent of organisations experienced a data loss incident caused by negligent employees, whereas only 16 per cent reported incidents involving confirmed malicious intent. Another 12 per cent could not determine the cause, and 20 per cent did not experience a data loss incident.
  • The business impact is material: 45 per cent reported financial or revenue loss, and 41 per cent estimated damages between $1 million and $10 million for their most significant incident over the past 18 months. Only 8 per cent said the impact was negligible.
  • Visibility into data use remains a major blind spot: 72 per cent of organisations say they can’t see how users interact with sensitive data across endpoints, cloud services, or SaaS platforms.
  • Security leaders are prioritising behavioral context and real-time visibility: The top capabilities sought in next-gen solutions are real-time behavioral analytics (66 per cent), day one data visibility (61 per cent), and control over shadow AI and SaaS tools (52 per cent).

To meet today’s data protection challenges, organisations must move beyond static, policy-heavy DLP and adopt a modern approach, one built on real-time visibility, behavioral context, and unified control across endpoints, cloud, SaaS, and AI tools. The following best practices reflect that shift and provide a practical blueprint for implementing next-generation DLP:

  • Start with day-one visibility: 75 per cent of organisations wait weeks or months to gain insight from DLP tools. That delay creates a critical blind spot during rollout. Modern solutions must provide immediate telemetry across cloud apps, endpoints, and AI tools – without requiring complex policy setup first.
  • Monitor behaviour, not just violations: 66 per cent of leaders prioritise behavioral analytics, yet few can identify which users are putting data at risk. DLP must move beyond rule-breaking to detect deviations from normal usage patterns, including frequency, timing, and method of access.
  • Correlate identity, access, and activity: Static rules cannot assess intent. By linking user identity, data access patterns, and contextual risk signals, organisations can distinguish between routine activity and high-risk behavior, enabling a more precise response and fewer false positives.
  • Protect the entire data journey across channels: Email is no longer the primary data exit path. Only 12 per cent feel prepared for AI exposure and many lack coverage for personal cloud, SaaS apps, or unmanaged endpoints. Modern DLP must follow the data wherever it flows—not stop at the perimeter.
  • Use AI to cut through the noise: AI should not just generate more alerts but enhance prioritisation, triage, and root-cause investigation. The most effective platforms use AI to sequence user behavior, detect anomalies, and spotlight what actually matters.

Commenting on the report, Vivek Srivastava, country manager, India and SAARC, Fortinet, said, “Data security is no longer just about deploying tools to identify and prevent the outflow of sensitive information. It now requires a deep understanding of how sensitive data is created, stored, accessed, used, and how users may, intentionally or unintentionally, put it at risk. This is why next-generation data protection strategies are moving beyond static controls towards a platform that unifies DLP with insider risk management, delivering real-time, behaviour-aware visibility across endpoints, SaaS, cloud, and AI. Fortinet integrates identity, access, and activity data through FortiDLP and the Fortinet Security Fabric to give teams the clarity they need to stop small mistakes from becoming costly breaches.”