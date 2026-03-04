LEXINGTON, Mass., March 04, 2026 (GLOBE NEWSWIRE) -- Mimecast, a global leader in managing human risk, today released its 9th annual State of Human Risk Report, revealing that 42% of organizations reported an increase in malicious insider incidents over the past year, matching the 42% reporting a rise in negligent incidents for the first time. This parity marks a fundamental shift in enterprise security where intentional betrayal by employees rivals accidental mistakes as a primary security concern.

Organizations reporting increases in malicious insider concerns jumped nearly 10 percentage points over two years up from 33% in 2024 to 42% in 2026. The study of 2,500 IT security and IT decision makers across nine countries also quantifies the financial toll: organizations experience an average of six insider-driven incidents per month at an estimated cost of $13.1 million per incident, while 66% expect insider-related data loss to increase over the next 12 months.

The study explored dozens of facets of securing human risk and some of the other key findings include:

AI threat preparation lags despite inevitable attacks – Sixty-nine percent of security leaders say AI attacks against their organization are inevitable within 12 months, yet 60% are not fully prepared.

Sixty-nine percent of security leaders say AI attacks against their organization are inevitable within 12 months, yet 60% are not fully prepared. Critical coordination gap undermines defenses – Just 28% of respondents coordinate security training with continuous monitoring. This critical coordination gap undermines defenses, leaving people-focused and technology-focused initiatives disconnected.

Just 28% of respondents coordinate security training with continuous monitoring. This critical coordination gap undermines defenses, leaving people-focused and technology-focused initiatives disconnected. Expanding attack surface meets inadequate native security – As threats expand across email, collaboration platforms, and internal communications, 38% of organizations remain reliant solely on native security controls — tools that 64% of respondents acknowledge are not up to the task.

As threats expand across email, collaboration platforms, and internal communications, 38% of organizations remain reliant solely on native security controls — tools that 64% of respondents acknowledge are not up to the task. Governance failures create regulatory time bomb – Ninety-one percent face challenges maintaining governance and compliance over communications data. Fifty-nine percent lack confidence in quickly locating data to meet regulatory or legal requirements.

"Insider risk has become one of the most consequential and underestimated threats facing organizations today, not just because of the data loss it causes, but because attackers are increasingly exploiting insiders as a deliberate entry point to bypass perimeter defenses entirely," said Mimecast CISO Leslie Nielsen. "The data shows both careless mistakes and deliberate actions driving incidents in equal measure. Rather than trying to manage human behavior, organizations need adaptive controls that identify high-risk actions and adjust protections in real-time, creating friction when someone accesses data they shouldn't, regardless of whether they have valid credentials. As AI makes it easier for insiders to exfiltrate data at scale, security must meet users at the point of risk."

AI: The Accelerant Across an Expanding Attack Surface

The attack surface is rapidly expanding as employees work across email, GenAI platforms, and collaboration tools — yet security strategies have failed to keep pace. Native security controls are falling short: 38% of organizations rely on them exclusively for collaboration tools, even as 64% admit they are insufficient against modern threats.

At the same time, AI is emerging as a force multiplier for both external attackers and malicious insiders. Sixty-nine percent of security leaders say AI attacks are inevitable within 12 months, yet 60% are not fully prepared. Attackers use AI to recruit insiders, craft convincing social engineering attacks, and automate reconnaissance.

Governance, Visibility, and the Compliance Time Bomb

Ninety-one percent of organizations face challenges maintaining governance and compliance over communications data, limiting their ability to detect, investigate, and respond to incidents effectively. Fifty-nine percent lack confidence in quickly locating data to meet regulatory or legal requirements — a regulatory time bomb as compliance requirements intensify.

Fragmented Defenses, Coordinated Threats

A dangerous irony undermines defense efforts: 65% of organizations find security tool integration too complicated, while attackers face no such constraints. Modern attack chains seamlessly combine CAPTCHA-protected phishing, embedded JavaScript, and legitimate remote management tools, exploiting the gaps between disconnected security controls.

Only 28% of organizations combine both regular security awareness training and continuous monitoring. This means when a high-risk user is identified through behavioral analytics, that intelligence doesn't automatically trigger coordinated responses across access controls, data loss prevention, and monitoring systems.

However, those who successfully integrate are reporting dramatic benefits: 40% achieve faster threat remediation, comprehensive visibility, and improved compliance readiness. The challenge isn't whether integration delivers value — it's that most organizations remain constrained by tool sprawl, unable to correlate threats across email, collaboration platforms, and data repositories.

The Path Forward: Coordinating for Human Risk

Organizations can no longer treat their communication channels, collaboration platforms, and employee behaviors as isolated security concerns, nor rely on native controls that were never designed to stop human-targeted attacks at scale. Addressing human risk means meeting people where they are - in their inboxes, their workflows, and their daily decisions - with a holistic strategy that spans the full threat landscape.

The solution requires coordinated action across four dimensions:

Integrated visibility across all communication and collaboration channels Behavioral analytics and security behavior management that identify high-risk users and anomalous activity patterns while driving measurable change in how employees respond to threats Data governance and protection that safeguards sensitive information regardless of where it resides or how it moves Coordinated response that connects people-focused and technology-focused security controls

Organizations that address these requirements will detect and prevent insider threats before costly breaches occur. Those that maintain fragmented approaches will see security spending rise while protection effectiveness declines.

RESEARCH METHODOLOGY

Mimecast commissioned Vanson Bourne to survey 2,500 IT security and IT decision makers across nine countries in November and December 2025. All organizations surveyed had more than 250 employees and more than 250 email users. Organization sizes ranged from 250 to over 10,000 employees.

Geographic Coverage: United States (500), United Kingdom (300), Germany (300), France (300), Spain (200), Italy (200), South Africa (200), Singapore (250), Australia (250)

Sectors Covered: A range of private and public sectors, including financial services, healthcare (public and private), IT/technology/telecoms, manufacturing, retail, public sector, energy/utilities, business services, construction, consumer services, media/entertainment

