Proofpoint

Resolving a data loss incident can take between one and four weeks for more than one in five organizations (21%).

Just 1% of users are responsible for 76% of data loss events.

46% of organizations cite cloud and SaaS data sprawl as a top challenge. ).

32% of organizations flag unsupervised data access by agents as a critical threat.

31% of organizations say redundant or obsolete data poses significant risk.

Over a third of organizations worry about sensitive data being used in AI training.

Over a quarter (29%) of organizations saw their data grow 30% or more over the past year.

32% of organizations attribute their most significant data loss events to malicious insiders.

Among enterprises with over 10,000 employees, 41% manage more than a petabyte of data.

44% of organizations lack sufficient visibility and controls over GenAI tools.

Respondents reported an average of 11 data loss incidents per year, with some organizations experiencing multiple incidents each month.

58% of organizations attribute their most significant data loss events to careless employees or third-party contractors.

27% of cloud storage is abandoned (unused data that inflates costs and widens the attack surface).

Two-thirds (65%) of organizations have already deployed AI-enhanced data security capabilities to classify data.

64% of organizations rely on six or more data security vendors.

Two in five organizations cite data loss via public or enterprise GenAI tools as a top concern.

42% of organizations attribute their most significant data loss events to compromised users.

Supply chain attacks against healthcare organizations decreased significantly from 68% in 2024 to 44% in 2025.

Healthcare organizations that experienced cloud/account compromises had an average of 21 such compromises in the past two years.

96% of healthcare organizations researched had at least two data loss or exfiltration incidents involving sensitive and confidential healthcare data in the past two years.

72% of healthcare organizations say they experienced an average of 21 cloud/account compromises.

61% of healthcare organizations say cloud/account compromises increased complications from medical procedures.

61% of healthcare organizations that had ransomware attacks experienced an average of five such attacks in the past two years.

Ransom payment rates by healthcare organizations declined in 2025 (from 36% to 33% in 2025).

The average number of cyberattacks experienced by U.S. healthcare organizations that suffered at least one cyberattack was 43, which is a 3-point increase from 40 in 2024.

On average, healthcare organizations experienced 18 data loss or exfiltration incidents in the past two years.

Concerns about budgets decreased from 40% to 37%.

44% of healthcare organizations say their organizations experienced an attack against its supply chains, which is a significant decline from 68% in 2024.

36% of healthcare organizations that experienced data loss or exfiltration incidents say it caused delays in procedures and tests that resulted in poor outcomes.

55% of healthcare organizations say data loss or exfiltration incidents impacted patient care.

The costliest ransom paid by healthcare organizations in 2025 represented a 60% increase from $771,905 in 2022.

In 2022, 64% of respondents from healthcare organizations said their organizations were very or highly vulnerable to BEC/spoofing/impersonation attacks.

67% percent of healthcare organizations say ransomware attacks had a negative impact on patient care.

35% of healthcare organizations cite employee negligence because of not following policies as a primary root cause of incidents.

An average of 72% of U.S. healthcare organizations that experienced a cyber attack reported disruption to patient care, which is a 3-point jump from 69 percent in 2024.

The costliest ransom paid (extrapolated value) by healthcare organizations was $1.2 million.

55% of respondents from healthcare organizations believe their organizations are vulnerable or highly vulnerable to a ransomware attack.

52% of healthcare organizations were vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident in 2024.

64% of healthcare organizations say their organizations are vulnerable or highly vulnerable to a cloud/account compromise.

93% of U.S. healthcare organizations experienced at least one cyberattack in the past 12 months.

72% of healthcare organizations say their organizations have experienced cloud/account compromises, which is an increase from 69% in 2024.

Healthcare organizations that experienced supply chain attacks, on average, experienced four supply chain attacks in the past two years.

61% of healthcare organizations say cloud/account compromises resulted in disruption in patient care.

25% of healthcare organizations cite employees sending PII or PHI to an unintended recipient via email as a primary root cause of incidents.

53% of healthcare organizations believe their organizations are vulnerable or highly vulnerable to a BEC/spoofing/impersonation incident.

56% of healthcare organizations that experienced ransomware attacks say it resulted in delays in procedures and tests.

67% of healthcare organizations that experienced ransomware attacks say it resulted in longer lengths of patient stay.

59% of attacked tools in healthcare organizations are text messaging.

54% of attacked tools in healthcare organizations are Zoom/Skype/video conferencing.

52% of healthcare organizations say cloud/account compromises resulted in longer length of patient stay.