Latest insider risks report spotlights employee negligence and shadow AI

26/02/2026 | Help Net Security

New research conducted by the Ponemon Institute for DTEX, based on interviews with 8,750 IT and security practitioners from 354 global organisations, reveals that the average annual cost of insider risks reached £14.5 million ($19.5 million) in 2025. This represents a 20% increase over two years. However, even with rising costs, the average time taken to contain an incident fell to a record low of 67 days, down from 86 days in 2023.

Employee negligence remains the primary driver, accounting for £7.66 million ($10.3 million) in annual costs, representing 17% year-on-year growth. On average, organisations experienced 25 insider incidents during the year. The report highlights that faster containment significantly reduces the financial impact. Incidents resolved in under 30 days incur approximately £10.56 million ($14.2 million) annually, compared with £16.29 million ($21.9 million) for those lasting over 90 days.

Despite 63% of organisations now operating dedicated insider risk programmes that prevent an average of £6.10 million ($8.2 million) in breach-related costs, governance is failing to keep pace with the rise of artificial intelligence (AI). The report found that while 92% of companies acknowledge that generative AI has fundamentally altered how data is accessed, only 13% have formally integrated the technology into their business strategies. In addition, 73% of organisations expressed concern that unauthorised AI use creates invisible paths for data exfiltration. AI agents also represent a significant blind spot, as 44% of respondents believe malicious AI agents increase data theft risks, and only 19% currently classify these autonomous systems as equivalent to human insiders.



What is this page?

You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities that helps them stay informed of industry news in one place. The information here is a brief snippet relating to a single piece of original content, or to several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.

The Privacy Newsfeed monitors over 300 global publications, and more than 6,250 summary articles have been posted to the online archive, dating back to the beginning of 2020. A weekly roundup is available by email every Friday.