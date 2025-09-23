Data security spending at record levels but costly breaches continue

A new report from Fortinet reveals that despite organizations increasing their data security budgets by 72 percent last year, insider-driven data incidents continue to surge, with 77 percent of companies experiencing at least one breach in the past 18 months.

The study, conducted with Cybersecurity Insiders, exposes a critical disconnect, while security leaders are adopting smarter strategies and securing stronger funding, traditional data loss prevention (DLP) tools are failing to protect against today's sophisticated threats in cloud-heavy, distributed work environments.

The report also highlights the problem of legacy tool failure. Intellectual property, a high-value target in industries like tech and manufacturing, is poorly protected with only 37 percent of respondents strongly agreeing their solution helps. Many organizations are still running a patchwork of tools -- often anchored on legacy DLP -- that doesn’t fit today’s complex environments and creates unnecessary complexity and workload for security teams.

There’s massive financial impact from breaches, 41 percent of organizations lost $1-10 million per incident, with nine percent reporting losses exceeding $10 million. Nearly half of incidents stem from negligence or error, not malice, yet current tools can't distinguish between the two. 72 percent of organizations admit they can’t see how employees interact with sensitive data.

To combat these issues security leaders are demanding behavioral analytics (66 percent), day-one visibility (61 percent), and shadow AI oversight (52 percent) in next-generation DLP solutions.

David Lorti, director -- product marketing at Fortinet, writes on the company’s blog. “Modern DLP platforms must connect individual events into risk narratives, enabling teams to identify patterns, prioritize risks, and act with confidence. This marks a shift from static enforcement to behavior-aware visibility that shows what’s happening and why it matters.”

The full report is available from the Fortinet site.

Image credit: photonphoto/depositphotos.com

