Nearly two-thirds of European cybersecurity professionals see insider threats as their biggest security risk – and AI is making things worse.
A new report from Exabeam shows 64% now view insiders, whether malicious or compromised, as a bigger risk than external threat actors.
Notably, a key factor behind this shift in focus is the use of generative AI among cyber criminals, the study found, which is making attacks faster, stealthier, and more difficult to detect.
“Insiders aren’t just people anymore,” said Steve Wilson, chief AI and product officer at Exabeam. “They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed.”
“The question isn’t just who has access — it’s whether you can spot when that access is being abused,” Wilson added.
Over the past year, Exabeam found more than half (53%) of organizations have seen a measurable increase in insider incidents, with 54% saying they expect that growth to continue.
Government organizations are the most concerned about threats of this kind, at 73%, followed by manufacturing (60%) and healthcare at (53%).
Insider threats aren’t the only worry
Unauthorized use of generative AI isn't helping, according to Exabeam, with 67% of organizations reporting some level of unapproved usage.
Those in technology recorded the highest rates of unauthorized use, at 40%, followed by government at 38% and financial services at 32%.
This leads to all sorts of security risks, with a recent report from Palo Alto Networks finding that data loss prevention incidents related to generative AI more than doubled in early 2025 - with 10% of these classified as high risk.
While 88% of organizations told Exabeam that they have insider threat programs, only 44% are using user and entity behavioral analytics, with many continuing to rely on identity and access management (IAM) tools, security training, data loss prevention (DLP) software, and endpoint detection and response (EDR).
These tools, Exabeam said, provide visibility but not the crucial behavioral context necessary to spot subtle or emerging risks.
Virtually all organizations are using some form of AI in their insider threat tooling, yet governance and operational readiness lag far behind.
Similarly, while more than half of executives believe their AI tools are fully deployed, managers and analysts think differently, saying many are still in the pilot or evaluation stages.
“AI has added a layer of speed and subtlety to insider activity that traditional defenses weren’t built to detect,” said Kevin Kirkwood, CISO, Exabeam.
“Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defense.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
74% of companies admit insecure code caused a security breachNews A large number of data breaches are linked to insecure code, prompting calls for better training
-
Data I/O shuts down systems in wake of ransomware attackNews Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Cyber pros say the buck stops with the board when it comes to security failingsNews Fines, sanctions, and even prosecution are all on the table when it comes to cyber failings, practitioners believe
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
Employee distraction is now your biggest cybersecurity riskNews Workplace distraction is the top reason organizations fall victim to cyber attacks, according to new research.
-
Apple just released an emergency patch for a zero-day exploited in the wild – here’s why you need to update nowNews Apple is warning millions of users of iPhones, iPads and Macs to update their software to protect against an out-of-bounds write vulnerability
-
Cyber teams are struggling to keep up with a torrent of security alertsNews Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
