Nearly two-thirds of European cybersecurity professionals see insider threats as their biggest security risk – and AI is making things worse.
A new report from Exabeam shows 64% now view insiders, whether malicious or compromised, as a bigger risk than external threat actors.
Notably, a key factor behind this shift in focus is the use of generative AI among cyber criminals, the study found, which is making attacks faster, stealthier, and more difficult to detect.
“Insiders aren’t just people anymore,” said Steve Wilson, chief AI and product officer at Exabeam. “They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed.”
“The question isn’t just who has access — it’s whether you can spot when that access is being abused,” Wilson added.
Over the past year, Exabeam found more than half (53%) of organizations have seen a measurable increase in insider incidents, with 54% saying they expect that growth to continue.
Government organizations are the most concerned about threats of this kind, at 73%, followed by manufacturing (60%) and healthcare at (53%).
Insider threats aren’t the only worry
Unauthorized use of generative AI isn't helping, according to Exabeam, with 67% of organizations reporting some level of unapproved usage.
Those in technology recorded the highest rates of unauthorized use, at 40%, followed by government at 38% and financial services at 32%.
This leads to all sorts of security risks, with a recent report from Palo Alto Networks finding that data loss prevention incidents related to generative AI more than doubled in early 2025 - with 10% of these classified as high risk.
While 88% of organizations told Exabeam that they have insider threat programs, only 44% are using user and entity behavioral analytics, with many continuing to rely on identity and access management (IAM) tools, security training, data loss prevention (DLP) software, and endpoint detection and response (EDR).
These tools, Exabeam said, provide visibility but not the crucial behavioral context necessary to spot subtle or emerging risks.
Virtually all organizations are using some form of AI in their insider threat tooling, yet governance and operational readiness lag far behind.
Similarly, while more than half of executives believe their AI tools are fully deployed, managers and analysts think differently, saying many are still in the pilot or evaluation stages.
“AI has added a layer of speed and subtlety to insider activity that traditional defenses weren’t built to detect,” said Kevin Kirkwood, CISO, Exabeam.
“Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defense.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Acer Swift Edge 14 AI reviewReviews An impressive super-light ultraportable with epic battery life and a superb, anti-reflective OLED screen
-
Nvidia’s Intel investment just gave it the perfect inroad to lucrative new marketsNews Nvidia looks set to branch out into lucrative new markets following its $5 billion investment in Intel.
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
BreachForums founder resentenced to three years in prisonNews A US appeals court vacated his previous sentence and remanded the case for resentencing
-
Jaguar Land Rover says IT disruption set to continueNews The automotive manufacturer is still not fully operational after the recent cyber attack
-
Nearly 700,000 customers impacted after insider attack at US fintech firmNews FinWise, which provides loans on behalf of US financial services firms, revealed a former employee accessed sensitive customer information after leaving the firm.
-
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracksNews The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
