Why legacy DLP tools don’t cut it anymore | perspective | SC Media - SC Media

COMMENTARY: About 20 years ago, data loss prevention (DLP) helped secure the perimeter. Today, there’s no perimeter anymore. Born in the early 2000s to stop sensitive data from leaking via email or USB, DLP was designed for an era of structured information, centralized infrastructure, and well-defined corporate boundaries. At the time, scanning content for keywords and blocking known violations offered a meaningful safeguard. But the enterprise has changed — and so have the threats. Data now flows freely across cloud platforms, distributed workforces, third-party contractors, and autonomous AI agents that can absorb and replicate sensitive content. The costliest breaches no longer result from perimeter break-ins, but from within: through insider negligence, compromised access, social engineering, and increasingly, AI misuse and abuse. [SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.] Legacy DLP tools haven’t kept up. They flag violations, but miss intent. They block content without understanding context. And as structured controls collide with unstructured realities, they often create friction without delivering protection. And it’s not a future problem — it’s already happening. According to new research from Ponemon Institute, the average cost of a U.S. data breach reached $10.22 million, with PII and intellectual property as the primary losses. More than 20% of these breaches involved AI systems — most unsanctioned, unmanaged, and invisible to security teams. Organizations lacking AI governance took significantly longer to contain incidents and paid nearly $2 million more in breach-related costs. Yet even these numbers understate the shift underway. A new kind of insider The threat landscape has entered a new phase, one shaped by AI-powered attackers, invisible insiders, and ungoverned technologies embedded deep within supply chains. Nation-state actors now use generative AI to automate reconnaissance, personalize phishing campaigns, and scale social engineering with uncanny precision. In these campaigns, human firewalls are no match for machine-speed deception, especially when sensitive data is already circulating across exposed platforms. At the same time, employees and contractors are adopting AI tools independently, uploading proprietary data into chatbots, syncing transcripts to unsecured third-party platforms, or incorporating unvetted models into development environments. These aren’t edge cases — they’re becoming default behaviors. The risk doesn’t stop with individuals. Developers importing malicious open-source models or business units activating shadow AI services can unknowingly introduce persistent, undetectable threats. And with unmanaged service accounts and autonomous agents operating across environments, the definition of “insider” has expanded far beyond the employee badge. Traditional DLP was not designed for this world. Today, DLP must evolve from a static control to a dynamic, risk-aware capability. This means we must: Understand context, not just content. Data protection must consider why data moves — not just what’s moving. Behavioral signals such as timing, velocity, and intent offer more actionable insight than scanning for keywords. Adapt in real time. If a user gives notice, accesses sensitive resources after hours, or uploads proprietary material to unsanctioned AI tools, security controls should adjust dynamically, without requiring manual intervention or disrupting legitimate work. Extend governance to AI behavior. The real risks today are less about what AI tools are approved, but how they get used. Prompts can contain intellectual property. AI-generated actions — like file transfers or code execution — can occur without oversight. Effective governance means being able to monitor both human and machine behavior and knowing the difference. Crucially, this approach isn’t about locking systems down. It’s about making innovation safer to scale. The strategic case for reinvention AI introduces risk, but it also offers a powerful defense. Organizations that embrace AI in their security programs shorten breach lifecycles by an average of 80 days and reduce breach costs by nearly $2 million. When applied to DLP, AI can help classify unstructured data, identify anomalous behavior, and correlate insider risk signals in real time across endpoints, clouds, and third-party ecosystems. The focus shifts from blocking to understanding — and from reacting to anticipating. For executive leadership, this marks a strategic inflection point. Here’s what AI-enabled DLP promises for each member of the C-suite: CEO: Protects trust, resilience, and reputation. CISOs and CIOs: Streamlines fragmented controls and closes visibility gaps. CFOs: Mitigates exposure to financial and regulatory risk. Innovation leaders: Unlocks safe, scalable AI adoption. The organizations best positioned to lead are those that govern by design, not in hindsight. Legacy DLP, built for static environments and straightforward threats, can’t compete today in an AI-powered, boundaryless enterprise. But that doesn’t mean it’s obsolete. On the contrary, protecting sensitive data — from compromise, misuse, or silent exfiltration — has never been more important. Because in a world in which data moves freely, the ability to deliver context -- and then act on it -- will make all the difference. Marshall Heilman, chief executive officer, DTEX SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.