Learnings from the 2025 Data Security Report
Beyond Traditional Data Loss Prevention Solutions: Building Modern Data Security for New Zealand Organisations
In August 2025, Fortinet, in partnership with Cybersecurity Insiders, released the 2025 Data Security Report. Based on a global survey of 883 IT and cybersecurity professionals, the report explores the state of enterprise data protection, where traditional Data Loss Prevention (DLP) tools are falling short, and what capabilities are most critical for the future. New Zealand businesses are generating and sharing more sensitive data than ever before, from customer records and financial reports to intellectual property. Yet the Fortinet 2025 Data Security Report shows that legacy Data Loss Prevention (DLP) tools are increasingly failing to protect this information in today’s cloud-driven, AI-enabled environments. For New Zealand SMBs, enterprises, government agencies, and critical infrastructure operators, this presents both a challenge and an opportunity.
Persistent Risk in the Modern Workplace
The report found that 77% of organisations experienced insider-related data loss in the past 18 months, with most incidents caused by accidental errors rather than malicious actors. In New Zealand’s tight-knit business ecosystem, such breaches can damage trust quickly and have lasting reputational impact. What’s more, 72% of organisations admitted they lack visibility into how users interact with sensitive data across endpoints and cloud services. That’s a major blind spot as Kiwi businesses increasingly adopt SaaS tools, AI platforms, and remote working models.
The High Cost of Data Exposure
Globally, 45% of organisations reported financial or revenue loss from data exposure, with 41% estimating damages between $1 million and $10 million for their most significant incident. While the dollar figures may differ in New Zealand, the impacts are just as serious: operational disruption, regulatory scrutiny, and erosion of public trust.
For industries such as healthcare, financial services, and manufacturing, key pillars of New Zealand’s economy, the stakes are even higher when customer records, personal data, or proprietary designs are exposed.
Why Traditional DLP Falls Short
Traditional DLP tools focus on blocking data flows but fail to understand the context of user behaviour. Only 33% of organisations said they have immediate visibility into data usage, and just 27% could see which users were putting data at risk.
For New Zealand organisations, this means risk often goes undetected until it becomes a serious incident, whether that’s a staff member accidentally uploading sensitive files to a personal cloud, or AI tools being used without oversight.
What Security Leaders Want Next
According to the report, the top priorities for next-generation data protection include:
• Real-time behavioural analytics (66%)
• Day-one visibility into data flows (61%)
• Control over shadow AI and SaaS tools (52%)
These priorities align closely with the needs of New Zealand businesses, where rapid cloud adoption and increasing use of AI are reshaping how data is created, stored, and shared.
Nextro’s insights for New Zealand
The report highlights a clear shift: effective data protection must evolve from static enforcement to context-driven insight. For New Zealand organisations, the priority is not creating more alerts but gaining clarity around who is moving sensitive data, why it is happening, and whether the activity poses real risk.
By aligning Fortinet’s next-generation DLP and insider risk management capabilities with local requirements, Nextro identifies a pathway for New Zealand businesses to strengthen visibility, reduce the likelihood of accidental exposure, and build resilience against insider-driven incidents.
Talk to Nextro today about building a modern data protection strategy that keeps your business secure in an AI-driven, hybrid world.