60% of insider threat incidents involved personal cloud application instances in 2025.

18% of leaders at financial services firms say they are unprepared to recover effectively from an Insider threat or data compromise.

35% of healthcare organizations cite employee negligence because of not following policies as a primary root cause of incidents.

25% of healthcare organizations cite employees sending PII or PHI to an unintended recipient via email as a primary root cause of incidents.

25% of healthcare organizations cite privilege access abuse as a primary root cause of incidents.

41% of organizations believe AI-driven insider threats are among the most likely AI incidents to impact their organization in the next 12 months.

Insider threats accounted for 0.8% of initial access vectors.

46% of financial services leaders highlight insider threats as a top concern.

44% of organizations are prepared for insider threats or account takeover.

Human error remains the top cybersecurity vulnerability in 2025, with 66% of CISOs citing people as their greatest risk.

43% of cybersecurity professionals identified distraction as a primary reason employees fall victim to cyberattacks.

Nearly a third of organisations still lack dedicated insider risk resources.

92% of organisations attribute at least some data loss to departing employees. This is up from 73% last year.

Government organisations are bracing for the steepest rise (73%) in insider threats.

In the Middle East, unauthorised GenAI is the top insider concern (31%).

More than three-quarters of organisations (76%) report some level of unapproved Generative AI (GenAI) usage.

The majority (54%) of organisations expect insider threat growth to continue.

Unapproved GenAI usage rates are highest in technology (40%), financial services (32%), and government (38%).

AI-enhanced phishing and social engineering are the most concerning tactics (27%) for insider threats.

53% of cybersecurity professionals expect insider threats to increase.