Cyber

Malicious Insider Incidents Overtake Negligence-Based Threats In Australia

Mimecast’s 9th annual State of Human Risk Report found 41% of Australian organisations report rise in malicious insider incidents over the past year, overtaking the 38% that saw an increase in negligence-based threats for the first time. Report highlights widening gap between security awareness and technical controls.

Matthew Giannelis
Matthew Giannelis

A new Mimecast report suggests Australian organisations may be entering a dangerous phase of internal security risk, with deliberate insider threats now increasing faster than accidental employee mistakes for the first time.

The company’s 9th annual State of Human Risk Report found that 41% of Australian organisations recorded an increase in malicious insider incidents over the past year, compared with 38% that saw a rise in negligent incidents.

The result is more than a statistical crossover. It points to a deeper shift in enterprise security, where intentional misconduct from within is no longer a secondary concern, but an increasingly central one.

That change is reflected globally as well. Organisations reporting increases in malicious insider concerns rose from 33% in 2024 to 41% in 2026.

Mimecast’s study surveyed 2,500 IT security and IT decision-makers worldwide, including 250 in Australia, and puts a heavy financial weight behind the findings.

On average, organisations are experiencing six insider-driven incidents each month, with each incident estimated to cost AUD$18.4 million. At the same time, 66% expect insider-related data loss to increase over the next 12 months.

Taken together, the findings paint a picture of security teams being squeezed from multiple directions: rising insider intent, growing AI capability, weak coordination between tools and people, and governance systems that are struggling to keep pace.

Among the report’s other key findings:

  • AI threat preparation lags despite inevitable attacks – Sixty-eight percent of Australian security leaders say AI attacks against their organisation are inevitable within 12 months, yet 52% are not fully prepared.

  • Critical coordination gap undermines defenses – Just 28% of respondents coordinate security training with continuous monitoring. This critical coordination gap undermines defenses, leaving people-focused and technology-focused initiatives disconnected.

  • Expanding attack surface meets inadequate native security – As threats expand across email, collaboration platforms, and internal communications, 38% of Australian organisations remain reliant solely on native security controls — tools that 61% of respondents acknowledge are not up to the task.

  • Governance failures create a regulatory time bomb – Ninety-one per cent face challenges maintaining governance and compliance over communications data. Fifty-three per cent lack confidence in quickly locating data to meet regulatory or legal requirements.

“We’re seeing a concerning acceleration in malicious insider threats across Australia,” said John Taylor, Field Chief Technical Officer, APAC at Mimecast.

“While negligence has traditionally been the primary insider concern, intentional betrayal is now growing at a faster rate.”

“41% of organisations reported increases in malicious insider activity versus 38% for negligence. This represents a fundamental shift,” said Taylor

“Additionally, attackers are seeing an opportunity to increasingly exploit insiders as a deliberate entry point to bypass perimeter defences entirely.”

“The historical hard network boundary is long gone, so organisations need adaptive controls that identify high-risk actions in real time and create friction when someone tries to access data they should not.”

“As AI makes it easier for insiders to exfiltrate data at scale, security now needs to meet users at the point of risk with controls that respond wherever those threats emerge.”

“The base principle is that visibility is key. By achieving end-to-end visibility, the three key areas of governance, cyber culture/awareness and incident response will mature as organisations are able to react strategically and operationally to the right things.” he said.

AI widens an already growing attack surface

One of the clearest themes running through the report is that organisations are trying to defend a workplace that has already outgrown traditional security assumptions.

Staff now move fluidly across email, collaboration platforms, internal communications systems and generative AI tools, yet many security strategies still appear built for a narrower, more contained environment.

Mimecast found that 38% of Australian organisations rely exclusively on native security controls to protect collaboration tools, despite 64% admitting those controls are insufficient against modern threats. That gap is becoming harder to ignore as AI changes the pace and scale of attacks.

Sixty-eight percent of security leaders say AI-driven attacks are inevitable within the next year, but more than half say they are not fully prepared.

The report argues that AI is now serving as a force multiplier for both outside attackers and malicious insiders, helping to recruit insiders, sharpen social engineering campaigns and automate reconnaissance.

Governance strain is becoming a compliance risk

The report also suggests many organisations are carrying structural weaknesses in data governance that could become more costly as regulation tightens.

Ninety-one per cent of Australian organisations said they face challenges maintaining governance and compliance over communications data, a shortcoming that can restrict their ability to detect, investigate and respond to incidents.

More than half — 53% — said they are not confident they could quickly locate the data required to satisfy legal or regulatory demands.

Mimecast characterises that as a regulatory time bomb, and the language does not feel overstated.

In an environment where communications are scattered across inboxes, collaboration suites and cloud platforms, visibility is no longer just a security issue. It is becoming a legal and operational one as well.

Disconnected defences leave dangerous gaps

Another striking finding is the disconnect between the complexity facing defenders and the relative simplicity of attack execution.

According to the report, 67% of Australian organisations say security tool integration is overly complicated, even as attackers continue to build seamless attack chains across multiple systems.

“Only 28% of organisations combine both regular security awareness training and continuous monitoring,” said Taylor.

“This means when a high-risk user is identified through behavioural analytics, that intelligence doesn’t automatically trigger coordinated responses across access controls, data loss prevention, and monitoring systems.” he said.

Mimecast says organisations that do manage to integrate their systems are seeing tangible gains, with 40% reporting faster threat remediation, better visibility and improved compliance readiness.

The issue, the report argues, is not whether integration works, but how many organisations remain trapped by tool sprawl and fragmented controls.

A broader human risk problem

What emerges from the report is a security landscape where the old dividing lines — inside versus outside, user versus attacker, awareness versus technology — are becoming less useful.

Communication channels, collaboration platforms and employee behaviour can no longer be treated as separate problems.

The report argues that addressing human risk now requires coordinated action across four areas:

  1. Integrated visibility across all communication and collaboration channels

  2. Behavioural analytics and security behavior management that identify high-risk users and anomalous activity patterns while driving measurable change in how employees respond to threats

  3. Data governance and protection that safeguards sensitive information regardless of where it resides or how it moves

  4. Coordinated response that connects people-focused and technology-focused security controls

Mimecast’s conclusion is unambiguous: organisations that succeed in bringing policy, employee awareness and technical controls into closer alignment will be far better positioned to identify and contain insider threats before they escalate into serious breaches.

The broader message is that security investment alone is no longer enough; without coordination between people, process and technology, businesses risk spending more, adding complexity and still finding themselves exposed when it matters most.

ByMatthew Giannelis
Follow:
Secondary editor and executive officer at Tech Business News. An IT support engineer for 20 years he's also an advocate for cyber security and anti-spam laws.
Previous Article Solar Rains: Supplying Batteries and Inverters for Solar Projects in Australia Solar Rains Backing Australia’s Renewable Shift with Batteries and Inverters
Next Article How Cars Are Bought - Australia’s Shift to Digital Finance Australia’s Shift to Digital Finance Is Changing How Cars Are Bought
Leave a Comment

Leave a Reply

Malicious insider incidents rising faster than negligence-based threats in Australia for the first time

Tech Articles

Gmail AI is reading your emails — here is how to stop it

Your Gmail Account May Be Feeding Google’s AI—Here’s What You Need to Know

Your Gmail account may be contributing to Google’s AI systems…

Chatbots Condemning Children To Antisocial Behaviour?

Are Chatbots Condemning Children To Antisocial Behaviour?

Are Chatbots Condemning Children To Antisocial Behaviour? Not by default…

How the World’s Data Centres Are Quietly Burning the Planet

Data centres are burning the planet, with a growing environmental…

Recent News