A new global study from cybersecurity leader Fortinet reveals that organisations are spending more than ever on data protection, but losses linked to insider activity continue to rise.

The 2025 Data Security Report, produced by Fortinet in partnership with Cybersecurity Insiders, shows that 72 per cent of organisations increased their budgets for insider risk and data protection last year.

Yet, 77 per cent still reported at least one insider-related incident in the past 18 months, with over half facing six or more. Nearly half of the organisations surveyed suffered financial losses of millions of dollars from these incidents.

According to the report, the problem lies not in the level of investment but in the tools being used. Many companies still rely on traditional Data Loss Prevention (DLP) systems that were designed for older, perimeter-based environments. These legacy systems often cannot monitor how employees interact with sensitive information across cloud services, SaaS platforms, and artificial intelligence tools—making it difficult to distinguish between simple mistakes and real threats.

Today’s workplace realities make this gap especially risky. Engineers routinely share design files with contractors, analysts move large customer datasets into spreadsheets, and employees paste confidential information into AI assistants. Each action can expose organisations to serious threats, particularly when legacy DLP tools lack the visibility to provide context.

The report stresses that modern DLP solutions must go beyond static controls and provide behavioural insight and context. Security teams need to know not just that data was moved, but who moved it, why, and whether the activity was normal. Next-generation solutions, such as Fortinet’s FortiDLP, combine data protection with insider risk management to deliver real-time visibility across endpoints, SaaS, cloud, and AI tools.

The financial and reputational stakes are high. Forty-one per cent of organisations reported losing between US$1 million and US$10 million in their most serious data incident, while 9 per cent lost more than US$10 million. Beyond financial costs, organisations also suffered reputational damage and operational disruption, with some industries facing the risk of losing years of research or competitive advantage from a single leaked dataset.

“Businesses are making progress by securing more resources and adopting smarter strategies,” said Emmanuel Oscar, Senior Manager, Systems Engineering for Fortinet Caribbean. “But unless organisations update their tools to match today’s realities, insider risk will continue to cause damaging losses.”

The report concludes that data security is no longer just a compliance issue—it is a business-critical challenge that affects trust, revenue, and long-term viability.