77% of Firms Suffer Insider-Linked Data Breaches, Finds Fortinet’s 2025 Data Security Report
The 2025 Data Security Report, based on responses from 883 IT and cybersecurity professionals, warns that traditional Data Loss Prevention (DLP) tools are now becoming a barrier rather than a safeguard, as they fail to keep pace with today’s decentralized, AI-driven work environments.
New Delhi, October 8: A new global survey by Fortinet and Cybersecurity Insiders reveals that 77% of organizations experienced at least one insider-related data loss incident in the past 18 months — with 58% reporting six or more.
Nearly 49% of incidents stemmed from employee negligence rather than malicious intent, while 45% of affected firms reported financial or revenue losses, and 41% estimated damages between $1 million and $10 million.
The report highlights that 72% of organizations lack visibility into how users interact with sensitive data across endpoints, cloud apps, and SaaS platforms. Moreover, only 47% of respondents said their DLP tools effectively prevent data loss, and just 27% could identify which users put data at risk.
“Legacy DLP solutions block outflows but fail to understand the behaviors and contexts that expose sensitive data,” the study notes, urging a shift toward behavior-driven, real-time visibility platforms.
Among the top priorities for next-generation data protection are behavioral analytics (66%), day-one visibility (61%), and control over shadow AI and SaaS tools (52%).
Customer records (53%) and personally identifiable information (47%) topped the list of data types most frequently exposed, followed by financial and strategic information (40%) and intellectual property (29%).
To counter the trend, the report recommends modern, integrated DLP systems that monitor user behavior, correlate identity and activity, protect data across channels, and leverage AI to detect intent rather than just policy violations.