A new study of 883 cybersecurity professionals reveals a troubling reality: the very tools designed to protect company data might be creating more problems than they solve. The findings come from the “Are Traditional DLP Solutions a Barrier to Preventing Data Loss? – Data Security Report 2025,” published by Cybersecurity Insiders in partnership with Fortinet.
Data Breaches Are Becoming the New Normal
The numbers are stark. Nearly 8 out of 10 organizations (77%) suffered insider-related data breaches in the past 18 months, with more than half experiencing six or more incidents. What’s particularly concerning is that most of these breaches aren’t caused by malicious employees—49% resulted from simple carelessness or negligence, while only 16% involved confirmed malicious intent.
The Financial Impact Is Devastating
When data gets exposed, companies feel it in their wallets. Nearly half (45%) of organizations reported direct financial losses from their worst incident, with 41% estimating damages between $1 million and $10 million. Only 8% said the impact was negligible, meaning almost every breach carries meaningful consequences.
The most commonly stolen data includes customer records (53%) and personal information (47%), followed by sensitive business information, such as financial reports and strategic plans (40%). In industries where intellectual property is most valuable, a single leaked design or algorithm can compromise a company’s competitive advantage for years.
Traditional Security Tools Can’t Keep Up
Here’s the surprising finding: while 47% of companies say their Data Loss Prevention (DLP) tools are practical, most can’t actually see what’s happening with their data. A striking 72% admit they lack visibility into how employees use sensitive information across computers and cloud applications.
The problem gets worse with implementation. Only 24% found their DLP systems easy to deploy, and 75% had to wait weeks or months before gaining meaningful insights from their security investment.
What Companies Really Need
Security leaders are demanding better solutions. Two-thirds (66%) want real-time behavioral analytics that can identify unusual patterns, while 61% require immediate visibility from the day of deployment. Over half (52%) specifically want control over shadow AI tools and unauthorized software that employees might use.
The Path Forward
The report suggests companies should shift from simply blocking data transfers to understanding user behavior and context. Modern data protection requires tools that can follow sensitive information wherever it goes—whether through email, cloud storage, messaging apps, or AI platforms—while distinguishing between normal work activities and genuine threats.
As data continues to move through increasingly complex digital environments, organizations need more innovative and adaptive security approaches that provide insight, not just enforcement.
