Insider risk costs soar as AI reshapes workplace data
Insider risk incidents are costing organisations an average of USD $19.5 million a year, as employee negligence remains the biggest driver of losses and generative AI changes how staff access and share information, according to a global study commissioned by DTEX and conducted by the Ponemon Institute.
The research found the average annual cost of insider risk rose 20% over two years to USD $19.5 million in 2025. It attributed the increase to the scale and severity of incidents, even as organisations reported faster response and containment.
Companies took an average of 67 days to contain an insider incident in 2025, down from 86 days in 2023. The study said this was the lowest containment time recorded in its tracking.
Organisations reported an average of about 25 insider incidents in 2025. The report grouped insider risk into negligent or mistaken employees, "outsmarted" employees (including credential theft), and malicious insiders.
Negligence costs
Negligence accounted for the largest share of losses. Annual costs linked to negligent insiders reached USD $10.3 million, up 17% year on year. Respondents reported an average of 13.8 negligent insider incidents, at an estimated USD $747,107 per incident.
Malicious insiders made up 27% of incidents, with associated costs of USD $4.7 million. "Outsmarted" insiders accounted for 20% of incidents and USD $4.5 million in costs, based on summary figures released with the research.
Containment was the largest cost component, estimated at USD $247,587 per incident. Escalation costs were far lower at USD $39,728.
The data also showed a strong link between response speed and overall losses. Incidents contained within 30 days cost an average of USD $14.2 million annually, compared with USD $21.9 million for incidents that took more than 90 days to contain.
Program maturity
Lower incident volumes and losses were associated with formal insider risk programmes and higher investment levels. Overall, 63% of organisations now operate a dedicated insider risk programme.
In 2025, organisations with established programmes prevented an average of seven insider security incidents per year, with avoided breach-related costs estimated at USD $8.6 million.
Nearly half of respondents (49%) rated their insider risk programmes as very to highly effective at preventing incidents. Insider risk spending also rose sharply as a share of IT security budgets, from 8.2% in 2023 to about 19% in 2025.
Most organisations expect budgets to keep rising. While 64% increased insider risk budgets in 2025, 45% still viewed funding as insufficient. Seventy percent expect budgets to rise again in 2026, with 28% anticipating increases of 10% or more.
AI blind spots
The report pointed to a widening gap between employee AI use and organisational governance. It found 92% of organisations said generative AI has fundamentally changed how employees access and share information.
Formal strategy and oversight lag. Only 13% said they had formally integrated AI into business strategies, while 73% said they worry unauthorised AI use is creating invisible paths for data exfiltration.
AI governance is also often missing from insider risk practices, with only 18% saying they had fully integrated AI governance into their insider risk programmes.
AI agents emerged as a specific concern. Forty-four percent of respondents believed malicious use of AI agents would significantly or moderately increase data theft risk. Nearly half reported minimal or no visibility into agent activity, and only 19% classified AI agents as equivalent to human insiders.
Tools and returns
Respondents linked certain security investments to greater financial savings. Identity management delivered the highest average annual cost savings among the technologies listed, at USD $6.1 million. Behavioural intelligence followed at USD $5.1 million.
Behavioural intelligence also drew strong endorsement. Seventy-one percent of organisations rated it important to essential, with 58% citing avoided financial impact as the primary benefit.
Defensive use of AI in security is also becoming more common. Some 42% of organisations now use AI to detect or prevent insider risks, with nearly half citing reduced false positives as the main benefit. Separately, 19% said they have deployed AI agents in daily workflows, and 71% of those rated the agents important to extremely important for early insider risk detection.
Marshall Heilman, chief executive officer of DTEX, said organisations were seeing results from more disciplined programmes but faced new risk patterns tied to AI.
"The results show real and meaningful progress at organizations with comprehensive and disciplined insider risk programs. Mature programs combined with modern tooling are clearly helping to prevent incidents before they occur. At the same time, the cost of insider risk continues to rise as their impact becomes more severe," Heilman said. "That contrast creates a powerful opportunity as AI becomes embedded across the workforce. Today, too few organizations classify AI agents as equivalent to human insiders, even as those agents operate with delegated authority, persistence, and reach. As a result, insider risk management and AI agent security are quickly converging. The same behavioral visibility and accountability that protect against insider risk must extend to AI systems. Organizations that apply those lessons will be better positioned to scale AI securely without sacrificing resilience in 2026 and beyond."
Larry Ponemon, chairman and founder of the Ponemon Institute, said the research aimed to measure the real-world impact of insider risk during a period shaped by shifts in automation and data access.
"Our goal in conducting this research is to quantify the real-world impact of insider risk in an environment reshaped by AI, automation, and expanding data access. By connecting behavior, technology, and outcomes, the research provides security leaders with evidence-based insight to prioritize investments, shorten response times, and reduce the impact of insider incidents," Ponemon said.
The study surveyed organisations across North America, EMEA and Asia-Pacific with headcounts from 500 to more than 75,000. It drew on interviews with 8,750 IT and IT security practitioners across 354 organisations that experienced one or more material events caused by an insider. Fieldwork ran over two months and concluded in September 2025.