AI means cyber teams are rethinking their approach to insider threats

Insider threat concept image showing three company employee badges, with one glowing red with a warning sign.

(Image credit: Getty Images)

Nearly two-thirds of European cybersecurity professionals see insider threats as their biggest security risk – and AI is making things worse.

A new report from Exabeam shows 64% now view insiders, whether malicious or compromised, as a bigger risk than external threat actors.

Notably, a key factor behind this shift in focus is the use of generative AI among cyber criminals, the study found, which is making attacks faster, stealthier, and more difficult to detect.

“Insiders aren’t just people anymore,” said Steve Wilson, chief AI and product officer at Exabeam. “They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed.”

“The question isn’t just who has access — it’s whether you can spot when that access is being abused,” Wilson added.

Over the past year, Exabeam found more than half (53%) of organizations have seen a measurable increase in insider incidents, with 54% saying they expect that growth to continue.

Government organizations are the most concerned about threats of this kind, at 73%, followed by manufacturing (60%) and healthcare at (53%).

Insider threats aren’t the only worry

Unauthorized use of generative AI isn't helping, according to Exabeam, with 67% of organizations reporting some level of unapproved usage.

Those in technology recorded the highest rates of unauthorized use, at 40%, followed by government at 38% and financial services at 32%.

This leads to all sorts of security risks, with a recent report from Palo Alto Networks finding that data loss prevention incidents related to generative AI more than doubled in early 2025 - with 10% of these classified as high risk.

While 88% of organizations told Exabeam that they have insider threat programs, only 44% are using user and entity behavioral analytics, with many continuing to rely on identity and access management (IAM) tools, security training, data loss prevention (DLP) software, and endpoint detection and response (EDR).

These tools, Exabeam said, provide visibility but not the crucial behavioral context necessary to spot subtle or emerging risks.

Virtually all organizations are using some form of AI in their insider threat tooling, yet governance and operational readiness lag far behind.

Similarly, while more than half of executives believe their AI tools are fully deployed, managers and analysts think differently, saying many are still in the pilot or evaluation stages.

“AI has added a layer of speed and subtlety to insider activity that traditional defenses weren’t built to detect,” said Kevin Kirkwood, CISO, Exabeam.

“Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defense.”

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.