Comprehensive study shows pervasive data loss where, on average, organizations have experienced more than four unstructured data loss events in the last 12 months that they are aware of
SEATTLE, March 18, 2025 /PRNewswire/ — MIND™, the upcoming leader in data loss prevention (DLP), and TechTarget’s Enterprise Strategy Group (ESG), a leading IT analyst, research and strategy firm, today announced the release of The State of Data Loss Prevention – Current Struggles and Future Expectations. The report examines trends driving the need for data loss prevention (DLP) solutions to secure sensitive information from unauthorized access, leakage and theft, and key challenges as enterprise security teams struggle with outdated or incomplete tools. The report’s findings underscore the importance of modernizing DLP programs so that organizations can efficiently scale sensitive data visibility, classification, detection, remediation and loss prevention.
“Data loss prevention tools are critical for protecting sensitive information in today’s digital landscape and AI era,” said Eran Barak, Co-Founder & CEO at MIND. “Unfortunately, too many enterprise security teams are burdened with outdated DLP solutions that generate excessive false positives, lack contextual insights and demand significant manual effort. Commonly used DLP tools can’t keep pace with today’s ways of working, exposing organizations to increasing risks. Organizations need to transform their data security programs into a strategic advantage with both data security posture and data loss prevention by implementing a solution that combines simplicity, AI, automation and scalability at machine speed.”
The report found that enterprise environments are more complex and data stores are exponentially growing, further exacerbating security team difficulties, such as maintaining and evolving DLP policies, dealing with a majority of alerts that are false positives and a lack of resources to address and investigate every incident. In fact, 78% of organizations report being challenged in administering and maintaining existing DLP technology solutions and policies, and 94% report using at least two tools and, on average, more than three tools with DLP capabilities, resulting in significant man-hours to administer and maintain multiple solutions. Additionally, nearly all organizations (91%) said it’s important to reduce alert noise produced by their current DLP controls due to simple, poor and outdated classification schemes.
These challenges highlight the importance of adopting a future-ready DLP strategy that autonomously discovers and classifies sensitive data that matter, proactively detects issues with a context-aware and risk-based approach and automatically prevents and remediates data leaks. By delivering on these modern capabilities, organizations can expect to experience unprecedented visibility and understanding of their data risks, simplified solution management, dramatic reduction of false positives and efficient data loss prevention and issue remediation.
The report’s key findings include:
- Persistent data leaks: Despite using multiple DLP tools, 53% of respondents reported two or more unstructured data loss events that they know of and, on average, more than four in the last 12 months. There were likely many more data loss events that are unknown.
- Lack of visibility and understanding of data risks: Organizations report that more than 73% of their unstructured sensitive data has not been discovered and classified, leading to potential data risk landmines and unknowns.
- Debilitating alert fatigue: Organizations are overwhelmed by DLP alerts, with 92% either deferred/left for inspection after 24 hours or false positives/not remediated. 47% of DLP alerts that are inspected within 24 hours are false positives.
- Administrative burdens: 68% of companies manage multiple DLP policy sets across their IT environments with disparate, siloed tools.
“DLP solutions are essential for securing sensitive data, yet, our report uncovered great difficulties enterprise security teams face due to DLP solutions that create volumes of false positives, require considerable manual work, and fail to reduce business risks,” said Todd Thiemann, Senior Analyst at Enterprise Security Group. “Most of the challenges in our research can be addressed by improved DLP capabilities that automate sensitive data discovery, classification and detection. DLP innovations using AI and machine learning can provide context and risk prioritization around alerts and autonomously prevent and remediate incidents as they happen. By adopting modern DLP solutions that address these concerns and use cases, organizations can greatly reduce their risks and prevent costly data loss.”
“The findings in this report quite accurately reflect my decades of frustrating experiences with DLP tools,” said Troy Wilkinson, former Global Fortune 500 Chief Information Security Officer (CISO). “However, I’m optimistic and encouraged by the innovative solutions that have addressed many of these challenges. I wish modern DLP solutions, like MIND, were available when my security teams struggled with implementing and managing enterprise DLP programs.”
Download the full report here.
Methodology
Enterprise Strategy Group conducted a comprehensive online survey of senior cybersecurity and IT decision-makers from private-sector organizations in the United States. Respondents were required to be knowledgeable about their organization’s deployed DLP technologies.
After filtering out unqualified respondents, removing duplicate responses and screening the remaining completed responses (on a number of criteria) for data integrity, the final total sample included 100 senior cybersecurity and IT decision-makers.
About MIND
MIND is on a mission to help organizations thrive in a digital world in the AI era by protecting their most sensitive data, mitigating risks and preserving brand reputation. MIND is the first-ever data security platform that puts data loss prevention (DLP) and insider risk management (IRM) programs on autopilot to deliver both data security posture and data loss prevention. We enable businesses to mind what really matters—their most sensitive data. Founded and led by cybersecurity leaders and industry veterans, MIND is based out of Seattle, WA. For more information, contact us at info@mind.io.
Media Contact:
Michelle Kearney
Hi-Touch PR
443-857-9468
kearney@hi-touchpr.com
SOURCE MIND