More than three-quarters (77%) of registered companies will lose data due to internal incidents, with more than half of them caused by human error, concluded Fortinet’s Insider Risks 2025 report, published in the fourth quarter, 28.
Organizations “worldwide are experiencing a significant increase in domestic traffic: 77% of surveyed companies report data loss related to domestic incidents in the past 18 months, and 21% reported more than 20 incidents,” see what we know as a collaboration with Cybersecurity Insiders.
“The report shows that 62% of incidents are the result of human error, such as sending sensitive files via email, people storing data in the cloud, or using SaaS hardware. [‘Software as a Service’, ou seja, aplicações] and GenAI [inteligência artificial generativa] not approved”.
Regarding the financial impact of these incidents, this is an “expressive”, reference or report from Fortinet, one of the reference companies in the field of cyber security.
According to the report, “41% of organizations estimate losses between $1 million and $10 million [entre 842 mil e 8 milhões de euros, à taxa de câmbio de hoje]a full 9% cite custos ainda superiors, given that these values ”include remedial actions, business interruption, regulatory sanctions, and damage to the reputational level.”
Nearly three-quarters (72%) of security decision-makers “do not have full visibility into how users interact with sensitive data, whether through their devices, SaaS applications or generative AI hardware.”
The main gap identified is the support of the behavioral context.
According to the data most at risk, the majority (53%) are customer files, 47% respond to personally identifiable information, 40% to reasonable business plans and projects, 36% to user credentials, and 29% to intellectual property.
“Most information leaks are not based on malicious acts, but rather careless behavior in everyday life. Simply sharing a document or testing generative AI hardware can expose sensitive data,” he says.
To reduce risk, Fortinet recommends five measures: ensure early visibility, analyze behavior, not just data flows, extend protection to all everyday hardware, promote alignment between security and management teams, and adopt adaptive policies.
Leave a Reply