Data loss is a people problem—or more to the point, a careless people problem. That is the conclusion of our new report, the 2024 Data Loss Landscape, which Proofpoint is launching today.
We used survey responses from 600 security professionals and data from Proofpoint Information Protection to explore the current state of data loss prevention (DLP) and insider threats. In our report, we also consider what is likely to come next in this rapidly maturing space.
Many companies today still rate their current DLP program as emerging or evolving. So we wanted to identify current challenges and uncover areas of opportunity for improvement. Practitioners from 12 countries and 17 industries answered questions ranging from user behavior to regulatory consequences and shared their aspirations for DLP’s future state.
This report is a first for Proofpoint. We hope it becomes essential reading for anyone involved in trying to keep data secure. Here are a few key themes from the 2024 Data Loss Landscape report.
Data loss is a people problem
Tools matter, but data loss is definitely a people problem. 2023 data from Tessian, a Proofpoint company, shows that 33% of users send an average of just under two misdirected emails each year. And data from Proofpoint Information Protection suggests that as few as 1% of users are responsible for up to 90% of DLP alerts at many companies.
Data loss is often caused by carelessness
Malicious insiders and external attackers pose a significant threat to data. However, more than 70% of respondents said that careless users were a cause of data loss for their company. In contrast, fewer than 50% cited compromised or misconfigured systems.
Data loss is widespread
The vast majority of the respondents to our survey reported at least one data loss incident. The global mean incidents-per-organization is 15. The scale of this problem is daunting, as hybrid work, cloud adoption and high rates of employee turnover all create an elevated risk of data being lost.
Data loss is damaging
More than half of the respondents said that data loss incidents led to business disruption and revenue loss. Those aren’t the only damaging consequences. Nearly 40% also reported that their reputation was damaged, while more than a third said that their competitive position was weakened. In addition, 36% of respondents reported being hit by regulatory penalties or fines.
Growing concern over generative AI
New alerts triggered by the use of tools like ChatGPT, Grammarly and Google Bard only became available in Proofpoint Information Protection this year. But they are already in the top five most-implemented rules among our users. With little transparency about how data submitted to generative AI systems is stored and used, these tools represent a dangerous new channel for data loss.
DLP is about more than just compliance
Regulation and legislation inspired many early DLP initiatives. But security practitioners now say that they are more concerned with protecting user privacy and sensitive business data.
Tools for DLP have evolved to match this progression. Many tools have moved beyond protecting just static data sets like personally identifiable information (PII) and financial details and can now defend unstructured intellectual property and other valuable data.
Download the full report
The 2024 Data Loss Landscape report provides a detailed look at the behavior of departing users and cloud-specific attack patterns. Our research also aims to shed light on what motivates companies to establish and improve their DLP capabilities.
As a first-of-its-kind report for Proofpoint, we’ve included a wealth of insight from security practitioners around the world as well as data from Proofpoint Information Protection. We hope you find this information relevant and useful for your business, whether your DLP program is already mature or still evolving.
Download your copy of the 2024 Data Loss Landscape report now.