According to a new study from Proofpoint, careless employees or third-party contractors are the leading cause of enterprise data loss, followed closely by compromised users and malicious insiders. In other words, data loss is very much still a “people problem”.
But it’s not all users. On average, just 1% of users are responsible for 76% of data loss incidents. While the makeup of that 1% can shift over time as employees join and leave the business, it’s clear that organizations need to invest in behavior-aware security tools that respond in real-time to risky user actions.
These statistics come from Proofpoint’s second annual Data Security Landscape report, which was released today. Based on insights from 1,000 security professionals globally and Proofpoint’s own platform data, the report dives into the leading causes of data loss incidents, the biggest challenges organizations are currently facing when it comes to securing their data, and what the future of enterprise data security might look like.
According to Proofpoint, people aren’t the only driver behind enterprise data loss; other leading causes include data growth and sprawl, and the rise of the agentic workspace.
As organizations increasingly integrate AI agents into their operational workflows, these tools are introducing a new class of insider risk that’s almost on par with human error—and it’s a risk that many organizations are concerned about. In fact, almost 40% of security professionals globally name data loss via GenAI tools as a top data security risk, 36% are concerned about the use of sensitive data in AI training datasets, and 32% are concerned about unsupervised data access and other risks from agentic AI.
A large part of this concern stems from a lack of oversight; 44% of organizations feel that they have insufficient visibility and controls over GenAI tools.
The Future Of Data Security
While lots of organizations share concerns about AI risk, many also view AI as having the potential to improve their data security efforts.
64% of organizations currently rely on six or more data security vendors. This sprawl of security software not only hinders visibility, but it’s also difficult to manage, draining already limited security resources.
Because of this, increasingly more organizations are looking to build unified, AI-driven data security programs that will both minimize security risk and reduce the burden on struggling IT and security teams.
For many, creating this type of program involves leveraging AI to help them manage their data. In fact, 65% of organizations have already deployed AI-enhanced data security capabilities to classify data, with other popular uses including detecting anomalous user behavior, remediating incidents, and detecting anomalous data exfiltration.
For others, building out a unified security program is seen as a means of securing AI adoption, with 50% believing it will enable the safe and productive use of AI.
“We’ve entered a new era of data security where insider threats, relentless data growth, and AI-driven change are testing the limits of traditional defenses,” said Ryan Kalember, Chief Strategy Officer at Proofpoint.
“Fragmented tools and limited visibility leave organizations exposed. The future of data protection depends on unified, AI-powered solutions that understand content and context, adapt in real time, and secure information across both human and agent activity.”
