61% of US Firms Hit by Insider Data Breaches
▼ Summary
– The average cost of insider incidents per organization is $2.7 million, driven by regulatory fines, productivity loss, and data breaches.
– Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, with malicious and unintentional insiders being the top risk.
– File storage environments, such as SharePoint and NAS devices, are considered the most vulnerable locations for data threats.
– One-third of organizations have banned generative AI tools, while only 25% have a formal policy for their workplace use.
– A significant portion of organizations are integrating or planning to integrate AI into their file security strategies, with many finding it effective.
A startling 61% of US companies have experienced insider data breaches within the last two years, according to recent research. These security incidents carry a heavy financial burden, with the average cost per organization reaching $2.7 million. These expenses stem from regulatory penalties, operational disruptions, and the serious consequences of losing sensitive customer information.
Both careless mistakes and deliberate actions by employees contribute to the problem. On average, affected businesses dealt with eight separate insider events that led to unauthorized exposure of confidential files. IT and security professionals point to data leakage from insiders, whether intentional or accidental, as their top file security concern, named by 45% of those surveyed.
Malicious insiders intentionally steal or leak company data for personal gain or to cause harm. In contrast, unintentional insiders may inadvertently share sensitive details, such as by posting proprietary information on public AI platforms without realizing the risk.
File storage systems are viewed as the most vulnerable environment, identified by 42% of participants. This category includes on-premises solutions like SharePoint and network-attached storage devices. Web-based file uploads and downloads from SaaS applications and collaboration tools, such as Microsoft Teams, also ranked high among security risks.
The study also examined how organizations are responding to the rise of generative AI. Nearly one-third have prohibited the use of these tools entirely, while only a quarter have established formal workplace policies governing AI. Despite this caution, many see value in artificial intelligence for strengthening defenses; 33% of firms have already integrated AI into their file security strategies, and another 29% plan to do so by 2026.
Among those using or planning to use AI for security, 59% believe it significantly improves their ability to protect sensitive files. Current adoption varies, with 29% of organizations testing generative AI for file access purposes and 18% already using it in live environments.
(Source: Info Security)
