Organizations today operate in an environment where data moves faster and farther than ever before. As digital transformation accelerates, many are rethinking how to secure sensitive information across complex cloud, SaaS, and AI ecosystems.
Every transaction, collaboration, and innovation depends on data that is constantly being accessed, shared, and stored across multiple platforms. This has made data security a core element of business resilience rather than a back-end function.
Many organizations are now taking a more structured and strategic approach to protecting sensitive information, going beyond technology alone. Investments in insider risk management and data protection rose significantly last year, reflecting a stronger awareness among leaders of the need to safeguard their most valuable assets.
Despite this progress, data loss incidents continue to rise. The 2025 Data Security Report by Cybersecurity Insiders and Fortinet found that 77% of organizations worldwide experienced at least one insider-related incident in the past 18 months, with 58% reporting six or more.
The same trend is evident in the Philippines, where insider threats ranked as the fourth most common cyber risk according to a recent Fortinet-commissioned IDC study.
With higher budgets and smarter strategies already in motion, the question remains: why does data loss continue to happen?
Outgrowing old defenses
The Cybersecurity Insiders and Fortinet report revealed that most organizations have increased their investments in insider risk management and data protection.
Seventy-two percent raised their budgets last year, with more than a quarter implementing significant increases. However, despite these efforts, data loss incidents continue to cause substantial impact.
Almost half of the surveyed organizations experienced direct financial losses from insider-related incidents. Among them, 41% estimated damages ranging from $1 million to $10 million in their most significant case, while 9% reported losses of more than $10 million.
The consequences extended beyond financial impact, with 43% citing reputational harm and 39% encountering operational disruptions.
The issue lies not in how much organizations invest, but in the tools many still rely on. Traditional Data Loss Prevention (DLP) solutions were designed for an era when data resided largely within on-premises networks.
Their primary role was to prevent regulated information, such as credit card details, personal identifiers, or medical records, from leaving the organization. These tools focused on perimeter control and compliance, which worked when data stayed within defined boundaries.
Today’s reality is far more complex. Sensitive information now moves continuously across cloud infrastructures, SaaS platforms, and AI-driven systems.
Teams collaborate across borders, share intellectual property with partners, and increasingly use AI tools to analyse and generate data. While these practices drive productivity and innovation, they also introduce new and often invisible data exposure risks.
Legacy DLP tools struggle in this environment. Many lack visibility into how employees actually interact with sensitive data, particularly within SaaS and generative AI tools and they often fail to distinguish between malicious activity and simple human error.
Nearly half of insider-related incidents stem from negligence rather than intent, yet traditional systems treat every event the same. These tools also operate in silos, with endpoint, email, and network DLPs rarely working together, making it difficult to connect events into a clear risk picture.
In many cases, organizations wait weeks or even months before gaining meaningful insight from these deployments.
The result is a false sense of control: more alerts, but less clarity. In fast-moving, data-driven environments, that lack of context undermines resilience rather than strengthening it.
Shifting from enforcement to insight
Protecting data today requires more than enforcing static rules. It demands a deeper understanding of behaviour and context, how people interact with information and why certain actions occur.
Knowing that a file was shared is no longer enough. Security teams need to understand who shared it, whether the behavior is typical, and if the activity represents genuine risk.
Modern Data Loss Prevention solutions are designed to deliver this level of insight. By using behavioral analytics and contextual monitoring, they help distinguish mistakes from malicious intent and surface abnormal patterns early.
Crucially, these platforms provide visibility from day one, enabling teams to see how sensitive data moves across users, applications, and environments as soon as they are deployed.
As data flows beyond traditional perimeters into cloud services, SaaS applications, and AI platforms, advanced DLP solutions help close visibility gaps by correlating activity across channels. This transforms isolated events into coherent risk narratives, allowing security teams to prioritize what truly matters and respond with confidence.
A strong example of this approach is the unification of DLP with insider risk management to deliver real-time, behaviour-aware visibility across endpoints, cloud, SaaS, and AI environments.
Fortinet enables this through FortiDLP and the Fortinet Security Fabric, which integrate identity, access, and activity data to help prevent small mistakes from escalating into costly breaches.
Redefining data loss prevention for the modern era
Despite stronger security strategies and increased executive support, many organizations continue to experience damaging insider incidents.
A key reason is continued reliance on legacy DLP tools that were never designed for today’s distributed, cloud-first environments and often add complexity without delivering clarity.
As data protection programs evolve, real progress will come from adopting platforms that deliver insight and understanding, not just alerts.
Moving from enforcement to intelligence-driven data protection is essential to building resilience, maintaining trust, and enabling secure growth in an increasingly connected digital economy.
The author is the country manager of Fortinet Philippines
