AI-Powered Insider Risks Accelerating Dramatically in Australia
In a recent global survey conducted by Sapio Research on behalf of Exabeam, it has been revealed that insider threats have surpassed external attacks as the primary security concern for organisations worldwide. The report, titled "From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk," polled a global audience of 1,010 cybersecurity professionals, including participants from key sectors such as technology, financial services, manufacturing, healthcare, retail, and government.
The findings suggest that more than half of executives globally believe AI tools are fully deployed, but managers and analysts paint a different picture, stating that many are still in pilot or evaluation stages. This discrepancy could potentially contribute to the rising concerns about insider threats.
In Australia, the report highlights AI-enhanced phishing and social engineering as the most concerning threat vector, with 28% of respondents expressing their concerns. AI has become a force multiplier for insider threats, enabling actors to operate with unprecedented efficiency and subtlety.
The Asia Pacific and Japan region leads in projected insider threat growth, with 69%, while the Middle East anticipates a decrease of 30%. Unauthorised use of Generative AI (GenAI) compounds the challenge, creating a dual-risk scenario where the same tools meant to boost productivity can be repurposed for malicious activity.
Privacy resistance, fragmented tools, and difficulty interpreting user intent remain major blind spots for security teams. Despite this, 94% of Australian organisations use AI in their insider threat tooling. However, most lack the behavioural analytics needed to catch abnormal activity early. Only 34% use user and entity behaviour analytics (UEBA), the foundational capability for insider threat detection.
Australia has a high awareness of insider threats, with 84% expecting them to grow in the next 12 months and 58% viewing insiders as a greater risk than external actors. In fact, 82% of respondents acknowledge that AI is increasing the effectiveness of insider attacks.
To combat these rising threats, Microsoft recommends initiatives such as analyzing sender behaviour, fine-tuning mass email filters, and using security tools like Microsoft Security Exposure Management to quantify risks, unify security stacks, and optimize attack surface management to improve insider risk defense.
As insider activity intensifies across industries, with 62% of Australian organisations seeing a measurable increase in insider incidents over the past year, it is crucial for organisations to prioritise insider threat defence strategies and invest in the necessary tools and analytics to stay ahead of these evolving threats.
