Proofpoint released its second annual Data Security Landscape report, revealing that organisations continue to face widespread data loss as they struggle to protect sensitive information amid explosive data growth, AI adoption, and the emergence of AI agents in the workplace.
The report, based on insights from 1,000 security professionals across 10 countries, as well as Proofpoint platform data, reveals how the rapid adoption of AI-driven productivity tools and autonomous agents that handle sensitive data is compounding risk for organisations. Many lack the visibility and controls to govern this emerging “agentic workspace,” where humans and AI systems now work side by side. Meanwhile, surging data volumes are putting even greater strain on already stretched security teams.
“We’ve entered a new era of data security where insider threats, relentless data growth, and AI-driven change are testing the limits of traditional defenses,” said Ryan Kalember, chief strategy officer, Proofpoint. “Fragmented tools and limited visibility leave organisations exposed. The future of data protection depends on unified, AI-powered solutions that understand content and context, adapt in real time, and secure information across both human and agent activity.”
Key global findings include:
People continue to drive most data loss incidents: Nearly six in ten (58%) organisations attribute their most significant data loss events to careless employees or third-party contractors, while 42% cite compromised users and 32% point to malicious insiders.
Proofpoint telemetry underscores an imbalance: just 1% of users are responsible for 76% of data loss events, emphasising the importance of behavior-aware, adaptive security strategies. Data loss frequency also remains alarmingly high: respondents reported an average of 11 incidents per year, with some organisations experiencing multiple incidents each month. These incidents can take weeks to resolve, leaving sensitive information exposed and security teams overburdened.
Data growth and sprawl exacerbate the challenge: Enterprise data volumes are soaring, stretching visibility and control to the limit. Over a quarter (29%) of organisations saw their data grow 30% or more over the past year. Among enterprises with over 10,000 employees, 41% manage more than a petabyte of data. This unchecked expansion carries serious implications: 46% cite cloud and SaaS data sprawl as a top challenge, and 31% say redundant or obsolete data poses a significant risk. Proofpoint platform data reinforces this, showing that 27% of cloud storage is abandoned—unused data that inflates costs and widens the attack surface.
The rise of the agentic workspace and new data risks: As organisations rapidly deploy AI across enterprise workflows, it is emerging as a new class of insider risk rivaling human error. Two in five organisations cite data loss via public or enterprise GenAI tools as a top concern, while over a third worry about sensitive data being used in AI training. AI agents—often operating as highly privileged superusers—introduce further risk, with 32% of organisations flagging unsupervised data access by agents as a critical threat. Oversight gaps amplify these risks: 44% of organisations lack sufficient visibility and controls over GenAI tools.
Security teams are under strain amid fragmented toolsets: Fragmented security architectures continue to hinder visibility, response, and remediation efforts. More than one in five organisations (21%) report that resolving a data loss incident can take between one and four weeks. With 64% relying on six or more data security vendors, the resulting tool sprawl increases complexity and drains already overextended security teams.
A call for unified, AI-driven data security programs: Security leaders are increasingly looking to holistic data security and insider risk solutions to reduce security risk and simplify operations. Two-thirds of organisations (65%) have already deployed AI-enhanced data security capabilities to classify data. Half of respondents see the greatest benefit of a unified data security solution as enabling the safe and productive use of AI, while 55% believe it will reduce data loss risk.