Humans built the problem, AI just scaled it

Information moves across cloud platforms, personal devices, and AI tools, often faster than security teams can track it. Proofpoint’s 2025 Data Security Landscape report shows that most organizations faced data loss last year, usually caused by their own people. With AI agents part of daily operations, security leaders are confronting risks that come from users and from the systems acting on their behalf.

A familiar problem that keeps getting worse

85% of the companies experienced at least one data loss incident in the past year. For many, it happened monthly. Despite all the investment in tools and automation, the leading cause is still human behavior. Careless employees or third-party contractors were named by 58% of respondents.

Just 1% of users accounted for 76% of data loss events. That concentration suggests the need to focus on identifying risky behavior early rather than spreading resources evenly across the workforce.

Data growth is outpacing control

Enterprise data keeps growing faster than most security teams can manage. Large organizations are handling volumes that reach into the petabytes, making it harder to know where sensitive information resides or who has access to it.

Security leaders say sprawl across cloud and SaaS platforms has become one of their toughest challenges. As more information is duplicated or left unused, the risk surface widens and becomes harder to map. Proofpoint’s research indicates that a significant share of cloud storage remains idle yet accessible, adding both cost and exposure. The focus is shifting from simply storing data to understanding what it is, where it lives, and whether it needs to be kept at all.

The insider risk problem persists

Mistakes, stolen credentials, and deliberate misuse continue to drive a large share of breaches. Email remains a common path for data to leak. Misdirected messages, wrong attachments, and intentional exfiltration occur even in companies with mature controls.

Email data security incidents by organization size (Source: Proofpoint)

A midsize organization can expect thousands of misdirected emails and several hundred exfiltration attempts each year, many involving sensitive documents. Larger enterprises see those numbers multiply quickly.

Many organizations also reported at least one hijacked account last year, often followed by suspicious file access. Insider risk is not a single issue to fix but an ongoing exposure that demands constant visibility and quick response.

“We’ve entered a new era of data security where insider threats, relentless data growth and AI-driven change are testing the limits of traditional defences,” said Ryan Kalember, chief strategy officer, Proofpoint.

AI expands the risk surface

AI is part of daily business, and it is changing how data moves inside organizations. The same tools that increase efficiency can also create new exposure points. Many security leaders say they lack visibility into how generative AI tools handle sensitive information. Some worry about employees pasting confidential material into public systems, while others are concerned about models trained on corporate data without oversight.

AI agents often have broad access across company systems. Without governance, they can unintentionally expose or misuse data. In some regions, including Germany and Brazil, security leaders already rank data loss through AI tools among their top concerns.

Data protection can’t just be about users and devices. It also has to cover automated systems that can make decisions like humans, but without the same judgment or accountability.

Teams under strain

Security teams are struggling to keep up with expanding data and growing workloads. Many say they lack enough skilled staff to manage data security. When incidents occur, investigations can take days or even weeks to resolve, leaving sensitive data exposed longer than acceptable.

Most organizations depend on several security products, and some use more than ten. Switching between them slows investigations and creates blind spots that make coordination harder.