Key Findings
Only 15% of organizations feel fully prepared to handle the movement of sensitive data through SaaS and Shadow IT tools.
77% of organizations experienced insider-driven data loss in the past 18 months.
43% of security professionals are concerned about disgruntled employees.
55% of security professionals are concerned about departing employees.
• 21% of organizations faced more than 20 insider-related data loss incidents in the past 18 months.
17% of insider incidents involved personal healthcare information.
73% of security professionals are concerned about careless, negligent, or uninformed employees.
53% of insider incidents involved customer records.
47% of insider incidents involved personal information or Personally Identifiable Information (PII).
12% of detected insider incidents could not be attributed, underscoring challenges in detection.
40% of insider incidents involved business-sensitive financial and strategic information.
59% of security leaders are very concerned about accidental employee data leaks over the next 12 months.
Most insider incidents are unintentional: 62% were caused by negligent or compromised users.
Nearly half (49%) of insider incidents resulted specifically from accidental or negligent behavior.
Only 16% of insider incidents involved confirmed malicious intent.
37% of organizations reported detecting between 6 and 20 insider-related data loss incidents in the past 18 months.
76% of organizations reported losses exceeding $100,000 due to their most significant insider incident.
36% of insider incidents involved user credentials.
29% of insider incidents involved Intellectual Property (IP).
62% of security professionals are concerned about employees directly involved in the handling of sensitive data such as PII, PHI, or PCI.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 61% said personal cloud storage.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 56% said Generative AI tools like ChatGPT.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 55% said personal webmail.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 47% said removable media/storage devices like USB drives.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 44% said messaging apps.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 31% said screen captures.
49% of organizations agree, and 23% strongly agree, that they lack visibility into how users interact with sensitive data across endpoints, cloud apps, and GenAI platforms.
72% of organizations lack visibility into how users interact with sensitive data across endpoints, cloud apps, and GenAI platforms.
61% of security leaders are very concerned about credential compromise being used for insider activity over the next 12 months.
51% of organizations report operating at Maturity Level 2 (Implemented: tools are in place but fragmented across teams with limited integration).
46% say a lack of skilled staff is the biggest barrier to maturing their insider risk program.
42% say organizational silos (e.g., Security vs HR vs Legal) is the biggest barrier to maturing their insider risk program.
35% say insufficient budget is the biggest barrier to maturing their insider risk program.
31% say maintenance burden is the biggest barrier to maturing their insider risk program.
23% say user pushback or fear of harming culture is the biggest barrier to maturing their insider risk program.
72% of organizations say their budgets for insider risk or data protection are increasing.
Only 12% of organizations have a dedicated Insider Risk team.
47% of organizations utilize legacy Data Loss Prevention (DLP) tools to monitor insider activity.
Only 47% of security professionals strongly agree that their existing DLP tools are effective in protecting sensitive data from leaving the organization.
52% of security leaders cite Shadow AI/SaaS application control as a priority for next-generation solutions.
29% of organizations detected between 1 and 5 insider incidents in the past 18 months.
41% of organizations reported financial losses between $1 million and $10 million for their most significant insider incident.
67% of organizations reported a financial impact between $100,000 and $10 million for their most significant incident.
9% of organizations reported losses above $10 million due to their most significant insider incident.
13% of insider incidents involved credit cardholder data.
45% of organizations reported revenue or financial loss as the primary consequence of their most significant insider incident.
43% of organizations reported reputational damage as the primary consequence of their most significant insider incident.
Only 11% of organizations said their most significant insider incident had no significant impact.
43% of security professionals are concerned about third-party partners or contractors with access to their environment.
35% of security professionals are concerned about employees directly involved in the creation/development of intellectual property.
21% of security professionals are concerned about whistleblowers sharing or exposing data.
When asked which egress channels for the outflow of sensitive data does your organization worry most about, 69% said email.
45% of respondents are very concerned about sensitive data being shared with generative AI tools like ChatGPT.
Only 12% of organizations feel fully prepared to detect or respond to sensitive data being shared with GenAI tools.
Only 26% of organizations feel fully prepared to respond effectively to accidental employee data leaks.
Only 18% of organizations report achieving Maturity Level 3 (Optimized: Unified strategy, cross-functional governance, behavioral analytics, and integrated enforcement).
Only 14% of organizations feel fully confident in their insider threat detection capabilities.
38% say privacy or surveillance concerns is the biggest barrier to maturing their insider risk program.
38% of organizations place the insider risk function within Security/SOC.
52% say difficulty monitoring SaaS and hybrid work environments is the biggest barrier to maturing their insider risk program.
49% say tool complexity is the biggest barrier to maturing their insider risk program.
27% of organizations report significant growth in their insider risk or data protection budget over the past year.
26% of organizations place the insider risk function within a dedicated Data Protection or Data Security team.
Only 33% of organizations using DLP agree they gained immediate insight into data usage.
Only 27% of organizations using DLP can identify which users are putting data at risk.
66% of security leaders prioritize real-time behavioral analytics in a next-generation DLP or insider risk solution.
61% of security leaders prioritize "Day-one" data visibility across environments in a next-generation solution.