A growing number of Australian organisations are reporting increases in malicious insider activity, with intentional threats now rising faster than incidents caused by employee negligence for the first time.
The finding comes from Mimecast’s 2026 State of Human Risk Report, released on 5 March, which surveyed 2,500 IT security and decision-makers globally, including 250 in Australia. According to the research, 41 percent of Australian organisations reported an increase in malicious insider incidents over the past year, compared with 38 percent reporting a rise in negligence-based incidents.
The shift signals a changing threat landscape in which intentional insider activity is emerging as a primary security concern, rather than accidental errors by employees.
Globally, organisations reporting increased concern over malicious insiders rose from 33 percent in 2024 to 41 percent in 2026. The study also highlights the financial impact of insider-driven incidents, with organisations experiencing an average of six such events per month, costing an estimated AUD $18.4 million per incident. Around 66 percent of respondents expect insider-related data loss to increase over the next 12 months.
John Taylor, Field Chief Technology Officer for APAC at Mimecast, said the findings suggest attackers are increasingly exploiting insiders as a deliberate entry point into corporate systems.
“While negligence has traditionally been the primary insider concern, intentional betrayal is now growing at a faster rate,” Taylor said. “Attackers are seeing an opportunity to increasingly exploit insiders as a deliberate entry point to bypass perimeter defenses entirely.”
AI and collaboration tools expand attack surface
The report also identifies artificial intelligence and collaboration technologies as amplifying human risk across organisations.
Sixty-eight percent of Australian security leaders believe AI-driven attacks targeting their organisations are inevitable within the next 12 months. However, more than half (52 percent) say their organisations are not fully prepared to respond.
Attackers are using AI to automate reconnaissance, develop convincing social engineering campaigns and potentially recruit insiders, according to the report.
At the same time, the expansion of collaboration platforms and internal communications tools has widened the attack surface. Mimecast found that 38 percent of Australian organisations rely solely on native security controls within collaboration platforms, despite 64 percent acknowledging these tools are insufficient to defend against modern threats.
Disconnect between awareness and technical controls
The research highlights a gap between employee security awareness initiatives and technical monitoring systems.
Only 28 percent of organisations coordinate security training with continuous monitoring tools, meaning behavioural insights about high-risk users are often not automatically linked to technical responses such as access control restrictions or data loss prevention measures.
This disconnect leaves organisations vulnerable to complex attack chains that combine phishing, embedded malicious code and legitimate administrative tools.
Governance and compliance pressures
Governance and compliance management is another major challenge identified in the report. Ninety-one percent of Australian organisations reported difficulties maintaining governance over communications data, while 53 percent said they lacked confidence in their ability to quickly locate data to meet regulatory or legal requirements.
The issue is particularly significant as regulatory obligations around data retention, privacy and incident reporting continue to expand.
The report suggests fragmented security tools and poor integration are contributing to the problem. While 67 percent of organisations say security tool integration is overly complex, attackers face no such constraints and routinely combine multiple techniques within a single attack chain.
According to Mimecast, organisations that successfully integrate behavioural insights, monitoring systems and governance frameworks report measurable improvements, including faster threat remediation, improved visibility and stronger compliance readiness.
The findings highlight the growing importance of addressing “human risk” in cybersecurity strategies, as organisations increasingly operate across distributed work environments, cloud platforms and AI-driven tools.
Mimecast argues that managing insider risk now requires coordinated approaches spanning visibility across communication platforms, behavioural analytics, strong data governance and integrated response mechanisms capable of detecting high-risk actions in real time.
You can read the full report here.
