A new Mimecast report warns that insider risk is a rising, potentially critical business threat, with internal cybersecurity risk having grown across organisations. According to the State of Human Risk Report 2026, insiders can be exploited by both negligent and malicious behaviour, including the misuse of AI tools that expand the attack surface.
Over the past year, 42% of organisations reported more threats from malicious insiders, and the same percentage noted a rise in cybersecurity incidents caused by employee negligence such as insecure data transfers and weak passwords. The paper also highlights that attackers deploy AI themselves to craft more effective phishing, while malicious insiders could use AI to exfiltrate data at scale.
According to Mimecast CISO Leslie Nielsen, insider risk is one of the most consequential threats today, driven by insiders as entry points to bypass perimeter protections. The research surveyed 2,500 IT security and decision makers across multiple regions, with organisations ranging from 250 to over 10,000 employees.