EMPLOYEE negligence driven by shadow AI cost organisations more than any other type of insider risk last year, accounting for 53% of the $19.5m lost on average per business, according to DTEX. The security vendor’s Cost of Insider Risks 2026 report was produced by the Ponemon Institute and based on interviews with 8,750 IT and security practitioners in 354 global organisations.
Malicious incidents such as sabotage, data theft, fraud and unauthorized disclosure accounted for 27% ($4.7m) of the total lost to insider risks last year, DTEX claimed. That pales in comparison to negligence (e.g. ignoring IT warnings) and mistakes (e.g. accidentally pressing the wrong button), which amounted to an average of $10.3m in losses per company. A third category of “outsmarted” employees refers to those that may have been phished, accounting for the smallest share of losses: 20% or $4.5m. In total, the report catalogued 7,490 incidents and recorded a 20% increase in insider-related losses since 2023.