Proofpoint has unveiled its second annual Data Security Landscape report, providing critical insights into the challenges faced by organisations as they grapple with data sprawl, the rapid adoption of generative AI tools, and the evolving landscape of insider threats. The report underscores the urgent need for more effective data protection strategies to safeguard sensitive information amid unprecedented data growth.
“We’ve entered a new era of data security where insider threats, relentless data growth, and AI-driven change are testing the limits of traditional defenses,” says Ryan Kalember, chief strategy officer at Proofpoint.
As organisations embrace generative AI for productivity, many find themselves ill-equipped to manage the dual risks of expanded data assets and the complexities introduced by AI agents that handle sensitive information alongside human employees.
One major finding is the alarming prevalence of human error as a primary cause of data loss. Approximately 58% of organisations attribute significant data loss incidents to careless employees or third-party contractors, with another 42% citing compromised accounts.
This highlights the pressing need for behaviour-aware and adaptive security measures. Notably, roughly 1% of users account for 76% of data loss events, reinforcing the importance of targeted intervention strategies.
Moreover, the report indicates that the rapid increase in data volumes is straining security teams already stretched thin. More than a quarter of organisations reported a 30% rise in data over the past year. Among larger enterprises, the scale can exceed a petabyte, posing substantial visibility and control challenges.
Not surprisingly, 46% of respondents identified cloud and SaaS data sprawl as a top concern, while 31% recognised the risks associated with redundant or obsolete data. The findings also revealed that a staggering 27% of cloud storage comprises abandoned data, creating unnecessary costs and expanding the attack surface.
The emergence of the "agentic workspace," where AI tools operate alongside humans, introduces a new dimension of insider risk. Two in five organisations reported concerns over data loss through public or enterprise generative AI tools, with many stressing the importance of oversight in the use of sensitive data for AI training.
An alarming 32% of organisations flagged unsupervised data access by AI agents as a critical vulnerability, exacerbated by a lack of visibility and controls, with 44% admitting inadequate oversight of their generative AI applications.
The consequences of fragmented security architectures further complicate data protection efforts. According to the report, over 21% of organisations took between one to four weeks to resolve data loss incidents. With 64% relying on six or more data security vendors, tool sprawl not only complicates response times but also drains resources from already overwhelmed security teams.
In light of these challenges, there is a clear call among security leaders for unified, AI-driven data security programs. The report indicates a growing trend—65% of organisations have deployed AI-enhanced capabilities to classify data, reflecting an acknowledgement that a holistic security approach is necessary. A unified data security solution is increasingly seen as essential for enabling safe AI usage and reducing data loss risks.
Prioritising unified data security strategies and integrating AI-powered solutions are fundamental to navigating the complexities of today’s data-rich environment, ensuring that sensitive information remains secure in an increasingly digital world.
