Insider threats are becoming a growing concern for Australian organisations, with deliberate attacks by employees now increasing faster than accidental security mistakes, according to new research from Mimecast.
According to its State of Human Risk Report, 41% of Australian organisations reported a rise in malicious insider incidents over the past year. That figure is slightly higher than the 38% reporting increases in negligent insider activity, marking the first time intentional threats have overtaken accidental employee errors.
On average, organisations reported six insider-driven incidents each month, with each incident estimated to cost about $18.4 million. Around 66% of respondents said they expect insider-related data loss to increase over the next 12 months.
Governance and compliance challenges were widely reported. Ninety-one per cent (91%) of Australian organisations said they face difficulties managing communications data for governance and compliance, while 53% said they are not confident they could quickly locate data needed for regulatory or legal requirements.
The report also found continued reliance on built-in security tools. Thirty-eight per cent (38%) of Australian organisations said they rely only on native security controls for communication and collaboration platforms, even though 61% believe those tools are not sufficient against modern threats.
John Taylor, field chief technology officer for APAC at Mimecast, said the rise in malicious insider activity reflects a change in how insider threats are developing.
“While negligence has traditionally been the primary insider concern, intentional betrayal is now growing at a faster rate… This represents a fundamental shift. Additionally, attackers are seeing an opportunity to increasingly exploit insiders as a deliberate entry point to bypass perimeter defences entirely,” Taylor said, adding that traditional network-based security models are becoming less effective.
“The historical hard network boundary is long gone, so organisations need adaptive controls that identify high-risk actions in real-time and create friction when someone accesses data they shouldn't, regardless of whether they have valid credentials, or are ‘internally’ or ‘externally’ located. As AI makes it easier for insiders to exfiltrate data at scale, security must meet users at the point of risk.”
He also highlighted the importance of visibility across systems.
“The base principle is that visibility is key,” he said. “By achieving end-to-end visibility, the three key areas of governance, cyber culture/awareness and incident response will mature as organisations are able to react strategically and operationally to the right things.”
However, the report suggested many organisations have yet to align their security measures. Only 28% combine regular security awareness training with continuous monitoring systems.
Integration also remains a challenge. 67% of Australian organisations said integrating different security tools is overly complex. Meanwhile, attackers increasingly combine techniques such as CAPTCHA-protected phishing pages, embedded JavaScript, and legitimate remote management tools to exploit gaps between disconnected security systems.
Among organisations that reported successfully integrating their systems, 40% said they saw faster threat remediation, better visibility across systems, and improved compliance readiness.
