A growing number of companies report data loss due to internal errors, especially when using everyday digital tools such as email, cloud storage, and GenAI applications.
According to the 2025 Insider Risk Report by Fortinet and Cybersecurity Insiders, 77 percent of organizations experienced internal data loss in the past eighteen months. In 21 percent of cases, this involved more than twenty incidents. The report primarily points to human error and a lack of insight into user behavior as the main causes.
Minor Actions, Major Risk
The majority of incidents do not arise from malicious employees but from unintentional errors. Examples include accidentally sharing sensitive files via email or storing documents in personal cloud environments. The use of unapproved SaaS or GenAI tools also contributes to the risk of data breaches.
read also
AI Policy of Belgian Managers Does not Reach the Workplace
Nevertheless, the study shows that many organizations have insufficient visibility into their users’ behavior. Nearly three out of four security officers report not having a complete overview of how sensitive information is used on devices and within cloud applications. This often leads to a false sense of security: warnings are generated, but without context, it is difficult to assess whether an action is risky.
Customer data and personally identifiable information are most at risk, followed by strategic plans, user data, and intellectual property. The financial impact of internal incidents is significant: 41 percent of surveyed organizations estimate the cost of the most severe incident to be between 1 and 10 million dollars.
Increased Focus
Despite these challenges, action is being taken. 72 percent of organizations are increasing their budget for internal risk management. The focus is on tools that combine visibility, behavioral analysis, and automation. According to the report, real-time behavioral analysis is a top priority for 66 percent of respondents.