Fortinet’s 2025 Insider Risk Report Shows Fragmentation Driving Million-Dollar Losses

Think of it as a million-dollar problem. Insider-driven data losses are becoming increasingly costly. More than 4 in 10 organizations say they lost between $1 million and $10 million from their most significant insider incident in the last 18 months.

That finding comes from Fortinet’s 2025 Insider Risk Report, done in collaboration with Cybersecurity Insiders, which surveyed 883 IT and security professionals. The report examines gaps in visibility, the effectiveness of security tools, and organizations' preparedness to confront the growing threat of insider-driven security and data loss.

The biggest problem: fragmented security products across an organization, combined with limited visibility.

"Yet most organizations still rely on fragmented tools that lack behavioral insight, contextual awareness, and real-time responsiveness,” the Fortinet Insider Risk Report concludes. “The result: persistent blind spots, delayed detection, and missed chances to act before damage occurs."

An Absence of Malice

Most of the time, data breaches aren’t even the result of any malicious activity. It’s the slow buildup of vulnerabilities over time.

“The critical takeaway is that most insider incidents are not malicious breaches but rather small oversights that add up,” writes David Lorti, director of product marketing at Fortinet. “Everyday behavior, such as sharing documents, experimentation with GenAI tools, or uploading to personal cloud storage, creates opportunities for data loss that legacy controls simply can’t interpret in context.”

The numbers show why unified solutions win in data protection.

While almost two-thirds of those surveyed report that they have a formal data protection program, more than half - 51 percent - say they suffer from fragmented integration as well.

So it shouldn’t be surprising that only 14 percent say they’re confident in their organization's insider threat detection capabilities, according to the report.

That’s where the opportunity for solution providers looms large.

Taking on Fragmentation

The Fortinet Security Fabric, a mainstay of its strategy to converge cybersecurity and networking, provides a unified approach to data protection. That takes into account insider threats arising from third-party tools, evolving risks from work-from-anywhere (WFA) organizations, and IoT proliferation, among others.

For example, Fortinet’s Unified SASE - “unified” is actually in the name - is one solution that takes on fragmentation.

“Ultimately, insider risk is not a single-team issue – it is an organization-level challenge. When governance, processes, and technology align across teams, organizations respond faster, more consistently, and with greater precision,” the report states.

The Maturity Scale

Here’s how it breaks down:

Of those surveyed, 51 percent say they’re operating at Level 2 on the maturity scale: tools are in place but fragmented across teams within the organization, with insufficient oversight or integration. And more than 8 in 10, in total, say they haven’t yet moved up to Level 3 - with a unified strategy (including governance, analytics, and integrated enforcement throughout an organization).

It’s not enough to have a dashboard that tracks data. Context, consistency, and a unified team from top to bottom are needed to meet today’s data protection demands.

More insight from Lorti, and a link to the 2025 Insider Threat report, can be found here.