Key points
- Insider breaches up 34 percent
- $15.2m average breach cost
- AI and collaboration are vital
As organisations race to secure their digital frontiers, a silent and insidious danger continues to grow from within — the insider threat. According to the 2025 Insider Risk Investigations Report, insider threats now account for 34 percent of all data breaches globally, with the average cost per breach rising to $15.2 million, a staggering 25 percent increase over the past three years.
In an era shaped by digital transformation, AI proliferation, and intensifying geopolitical tensions, internal threats — whether malicious, careless, or compromised — pose an unprecedented challenge. And yet, many organisations continue to operate under outdated assumptions about trust, access, and risk visibility.
Trust is no longer a given
The long-held belief that employees, contractors, or partners are inherently trustworthy is no longer sustainable. Cybercriminals have learned to manipulate internal systems — from hijacking legitimate credentials to exploiting negligent staff and leveraging third-party weaknesses. The notion of a secure perimeter is obsolete.
Modern-day adversaries do not always strike from the outside. In some cases, insiders are deliberately weaponised by foreign actors. In others, employees make costly mistakes under pressure or because of poor training. Regardless of intent, the damage is real — not just in monetary terms, but in reputational harm, regulatory penalties, and long-term operational disruption.
Take the case of the European energy sector attack in April 2025, where a radicalised employee sabotaged safety protocols, leading to a regional grid failure. Or the March 2025 breach at a US defence subcontractor, where sensitive blueprints were exfiltrated via encrypted apps. These incidents were not simply IT failures — they were lapses in human oversight, access control, and cultural resilience.
The AI arms race is under way
Artificial intelligence is now a double-edged sword in cybersecurity. On one hand, AI-driven behavioural analytics can detect anomalies with staggering accuracy — some models, such as Random Forest algorithms, have achieved 99.8 percent success rates in identifying suspicious email activity.
On the other hand, threat actors are harnessing AI to automate phishing campaigns, generate deepfakes, and manipulate audio convincingly enough to dupe organisations into catastrophic decisions. One multinational corporation recently lost millions after falling victim to a deepfake voice clone of a senior executive during a high-stakes wire transfer.
The line between human and machine deception is blurring. Without advanced AI-defensive capabilities, organisations are increasingly vulnerable to these new, hybridised attack vectors that merge cyber, physical, and psychological warfare.
Delayed responses cost lives — and trust
One of the most alarming findings in the report is that it takes an average of 85 days to detect and contain insider breaches. In that time, attackers can compromise critical systems, leak sensitive data, and damage public confidence. In healthcare alone, organisations are facing over $11 million in breach-related costs, driven by loss of patient trust and regulatory fines.
In this context, real-time detection and proactive threat hunting are no longer optional. Security teams must move away from passive, rules-based defence and embrace intelligence-led models that prioritise anomaly detection, behaviour analytics, and AI-assisted correlation of threat signals.
Collaboration is not a luxury — it’s survival
One of the most crucial takeaways from the 2025 report is this: no organisation can fight insider threats alone.
Insider risks span sectors, jurisdictions, and technologies. They require a collective approach that includes cross-industry collaboration, shared threat intelligence, and joint simulation exercises that train organisations to identify red flags and act swiftly.
Through these efforts, we can develop standardised frameworks for ethical data exchange, build rapid-response capacity, and strengthen legal and operational protocols that safeguard both privacy and trust.
Building a culture of resilience
While technology plays an essential role in security, culture is the ultimate defence layer. Organisations must normalise open dialogue around risk, build secure channels for anonymous reporting, and invest in employee mental health to reduce stress-induced vulnerabilities.
Security training must go beyond tick-box compliance. It must empower staff to recognise social engineering tactics, detect behavioural anomalies among colleagues, and understand their role in the broader threat landscape.
More importantly, organisations must shift towards Zero Trust architectures — a model that assumes compromise is inevitable and verifies every access request, every time. The fact that 81 percent of firms plan to adopt Zero Trust by 2026 signals a fundamental change in how we define trust in the digital age.
Looking forward
The 2025 Insider Risk Investigations Report is not just a diagnostic tool — it’s a roadmap for systemic change. It compels us to redefine trust, restructure our access policies, and rethink how we respond to the human element in cybersecurity.
At the heart of this shift is a call to action: break down silos, empower your people, and collaborate widely. Insider threats are complex, adaptive, and increasingly AI-powered. But with the right mindset — built on transparency, shared intelligence and cultural resilience — we can stay ahead of them.
In a time when data is currency and trust is power, our collective security depends not only on firewalls and algorithms, but on collaboration, awareness, and the courage to act before it’s too late.


























