A new multinational report, From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk, based on a global survey of 1,010 cybersecurity professionals across key sectors, reveals that insider threats have overtaken external attacks as the top security concern, with AI accelerating the shift.
Australia stands out globally in insider risk awareness, with 84% expecting insider threats to grow in the next 12 months with 58% now viewing insiders, whether malicious or compromised, as a greater risk than external actors. Generative AI (GenAI) is a major driver of insider threats, as it makes attacks faster, stealthier, and more difficult to detect.
“Insiders aren’t just people anymore,” said Steve Wilson (pictured), Chief AI and Product Officer at Exabeam. “They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed. The question isn’t just who has access — it’s whether you can spot when that access is being abused.”
Insider Threat Growth Shows No Signs of Slowing
Insider activity is intensifying across industries, driven by both malicious intent and accidental compromise. Over the past year, 62% of Australian organisations have seen a measurable increase in insider incidents. This surge is not uniform; risk trajectories vary sharply by geography and sector. As a whole, the Asia Pacific and Japan region leads in projected insider threat growth (69%) reflecting heightened awareness of identity-driven attacks. The Middle East stands apart, with nearly one-third (30%) anticipating a decrease, a signal of either stronger confidence in current defences or a potential underestimation of evolving risks. These contrasts underscore the complexity of the insider threat landscape and the need for defence strategies that align with regional realities.
AI is Powering Faster, Smarter, and Stealthier Insider Attacks
AI has become a force multiplier for insider threats, enabling actors to operate with unprecedented efficiency and subtlety. These attacks can adapt in real time, mimic legitimate communications, and exploit trust at a scale and speed human adversaries cannot match. In Australia, 82% of respondents acknowledge that AI is increasing the effectiveness of insider attacks. In particular, AI-enhanced phishing and social engineering emerged as the most concerning threat vector in Australia (28%), followed by privilege misuse or shadow IT/unapproved Gen AI (22%) and privilege misuse or unauthorised access (16%).
Unauthorised GenAI use compounds the challenge, creating a dual-risk scenario where the same tools meant to boost productivity can be repurposed for malicious activity. 72% of Australian organisations have reported some level of unapproved GenAI tool usage by employees, with 22% indicating this as the top insider concern. Globally, the convergence of insider access and AI capabilities is producing threats that evade traditional controls and demand more advanced behavioural detection.
Most Insider Threat Programs Still Miss the Mark on Detection
While 84% of Australian organisations say they have insider threat programs, most lack the behavioural analytics needed to catch abnormal activity early. Less than half of them (34%) use user and entity behaviour analytics (UEBA), the foundational capability for insider threat detection. Many continue to rely on identity and access management, security training, data loss prevention (DLP), and endpoint detection and response (EDR), tools that provide visibility but not the behavioural context necessary to spot subtle or emerging risks.
AI adoption is widespread, 94% of Australian organisations using some form of AI in their insider threat tooling, yet governance and operational readiness lag far behind. More than half of executives (55%) globally believe AI tools are fully deployed, but managers and analysts say many are still in pilot or evaluation stages. Compounding the challenge, security teams face persistent barriers: privacy resistance, fragmented tools, and difficulty interpreting user intent remain major blind spots.
“AI has added a layer of speed and subtlety to insider activity that traditional defences weren’t built to detect,” said Kevin Kirkwood, CISO, Exabeam. “Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defence.”
Closing the Insider Threat Gap
As insider threats accelerate, driven by AI, identity misuse, and a lack of behavioural visibility, organisations that succeed will be those that align leadership priorities with operational reality. Progress will come from moving beyond surface-level compliance to approaches that focus on context, accurately distinguish between human and AI-driven activity, and foster collaboration across teams to close visibility gaps.
Bridging this divide requires more than policy changes. It demands leadership engagement, cross-functional cooperation, and governance models that keep pace with the speed of AI adoption. Success will be defined by the ability to shorten detection and response times, reduce the window of opportunity for insider activity, and adapt strategies as threats evolve.
To access the full report, From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk, visit here
Methodology
This report is based on research conducted by Sapio Research on behalf of Exabeam during June and July 2025. The survey represents a global audience of 1,010 cybersecurity professionals, including analysts, security team leads, and executive decision-makers across key sectors such as technology, financial services, manufacturing, healthcare, retail, and government. Respondents were required to either work directly in a cybersecurity function or be responsible for managing security teams.
The organisations represented varied in size, with a significant portion of participants coming from large enterprises with 500+ employees.
You can read the full report here.
