A new report from cybersecurity firm Exabeam has revealed that insider threats, amplified by artificial intelligence (AI), are now the predominant security concern for organisations worldwide.
Titled From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk, the study, released on 21 August 2025, is based on a survey of 1,010 cybersecurity professionals across various sectors. It highlights how generative AI (GenAI) is transforming insiders – whether malicious employees or compromised systems – into more effective adversaries than external hackers.
With 64% of respondents viewing insiders as a greater risk, the findings point to a paradigm shift in cybersecurity, driven by AI’s speed and stealth.
The report comes amid growing concerns over data breaches and identity-driven attacks. Exabeam’s Chief AI and Product Officer, Steve Wilson, noted: “Insiders aren’t just people anymore. They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed.” This evolution demands urgent enhancements in detection and response strategies, as traditional defences falter against AI-enhanced tactics.
Increasing Insider Threats
The survey indicates a significant escalation in insider incidents, with 53% of organisations reporting an increase over the past year. Looking ahead, 54% anticipate further growth, signalling no abatement in this trend. Insider threats encompass both intentional malice, such as data theft by disgruntled employees, and accidental compromises, like falling victim to phishing.
Sectoral variations are pronounced. Government entities are preparing for the sharpest surge, with 73% expecting a rise, attributed to expanded access to sensitive systems. Manufacturing follows at 60%, while healthcare stands at 53%, where patient data vulnerabilities heighten risks.
These figures reflect the broadening attack surface in critical industries, where insiders often hold legitimate credentials, making breaches harder to spot.
Geographically, the Asia-Pacific and Japan region leads with 69% projecting growth, indicative of heightened awareness of identity-based threats. In contrast, the Middle East shows optimism, with 30% anticipating a decrease – possibly due to robust defences or an underestimation of AI-driven evolutions. These disparities emphasise the need for tailored, region-specific strategies in a globally interconnected threat landscape.
AI’s Role In Amplifying Attacks
AI emerges as a pivotal enabler of insider threats, with 74% of professionals reporting that it makes such attacks more effective. GenAI tools allow adversaries to execute operations faster and more covertly, evading conventional security measures. Notably, two of the top three threat vectors are AI-related, with AI-enhanced phishing and social engineering topping the list at 27%. These methods adapt in real-time, mimicking authentic communications and exploiting trust on an unprecedented scale.
Unauthorised GenAI usage exacerbates the issue, creating dual risks where productivity tools become weapons.
A staggering 76% of organisations report some level of unapproved use, with technology sectors at 40%, financial services at 32%, and government at 38%. In the Middle East, this ranks as the primary concern at 31%, highlighting governance gaps amid rapid AI adoption. Globally, the fusion of insider privileges and AI capabilities is spawning threats that traditional controls cannot counter, demanding advanced behavioural detection.
Exabeam’s Chief Information Security Officer, Kevin Kirkwood, warned: “AI has added a layer of speed and subtlety to insider activity that traditional defences weren’t built to detect. Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win.”
Detection & Programme Shortcomings
Despite widespread recognition of the problem, most organisations’ defences remain inadequate. While 88% claim to have insider threat programmes, only 44% incorporate user and entity behaviour analytics (UEBA) – essential for identifying anomalies early. Many rely on identity and access management, security training, data loss prevention (DLP), and endpoint detection and response (EDR), which offer visibility but lack the contextual insight needed for subtle risks.
AI integration in security tools is near-universal at 97%, yet operational maturity lags. Executives often overestimate deployment, believing tools are fully operational, while managers and analysts report many are still in pilot phases. Persistent challenges include privacy concerns, tool fragmentation, and difficulties in interpreting user intent, creating blind spots that allow threats to fester.
The report identifies an “analytics gap” where behavioural visibility breaks down, particularly against AI agents that mimic human actions. This mismatch between adoption and governance leaves organisations vulnerable, prolonging detection times and expanding windows for damage.
Closing the Gap: Recommendations
To combat this hybrid threat landscape, Exabeam advocates bridging the divide between leadership priorities and operational realities. Success hinges on fostering cross-functional collaboration, enhancing governance models, and prioritising behavioural analytics to differentiate human from AI-driven activities.
Key recommendations include moving beyond compliance-focused approaches to context-rich strategies that shorten response times.
Organisations should invest in UEBA and AI-powered detection to close visibility gaps, while implementing strict policies on GenAI use. Leadership engagement is crucial to align strategies with evolving risks, ensuring defences evolve at AI’s pace.
The report concludes that proactive measures – such as regular audits, employee training on AI risks, and integrated security platforms – will define resilient organisations. As insider threats, supercharged by AI, continue to outpace external ones, the imperative is clear: adapt or risk compromise.
In summary, Exabeam’s findings paint a sobering picture of a cybersecurity domain in flux. With insider risks now dominant, driven by AI’s transformative power, organisations must prioritise advanced analytics and governance to safeguard against this insidious evolution.
The full report is available on Exabeam’s website, offering deeper insights for cybersecurity practitioners.
Image: Ideogram
You Might Also Read:
Making Insider Threats A Year Round Priority:
If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
Cyber Security Intelligence: Captured Organised & Accessible
