Insider Risk Management & Data Protection

    The State of Human Risk: Data Loss and Insider Risk

    As concern over human risk continues to grow, Mimecast’s State of Human Risk Report sheds light on how organizations are approaching data loss and insider risk

    by Rob Juncker

    Key Points

    • Concerns over human risk management continue to grow, making human risk the hot topic in cybersecurity for 2025.
    • Mimecast has released its ninth annual cybersecurity survey report, The State of Human Risk 2025.
    • This blog is the fourth in a series and highlights our findings in data loss and insider risk.

    The need to address human risk inside today’s organizations is the overwhelming top priority for cybersecurity teams in 2025. It is also the main theme of Mimecast’s recently released ninth annual report on the state of the industry, this year aptly titled The State of Human Risk 2025.

    Each year, Mimecast conducts a survey of CISOs and other cybersecurity professionals to gain an understanding of the problems they are facing and the issues that are their priority for the coming year. For 2025’s report, we surveyed 1,100 IT security and IT decision makers from the United States, United Kingdom, France, Germany, South Africa, and Australia. A range of private and public sectors were covered, including healthcare, retail, finance, manufacturing, and utilities.

    Managing Data Loss and Insider Risk

    While the importance of external risks to organizations should not be downplayed, security teams need to ensure they are being just as vigilant when it comes to addressing both intentional and unintentional risk from inside the organization.

    What can organizations do when a user they think is a valuable member of their corporate team – one they believe is genuinely trying to do a good job and do right by their employer – turns out to instead be a malicious actor? This can happen when an employee decides to leave the company or gets wind that they may soon be let go. It can also happen when an employee is approached by a cybercriminal and offered something of value to give them a hand in breaching the company where they work.

    And what happens when the employee is actually a mole planted by a competitor to breach an organization’s security and gather trade secrets and other proprietary information? While most security teams would view this as impossible, something that would never happen in the course of securing their organization, Mimecast recently highlighted such a case.

    Whether it’s a disgruntled employee exfiltrating sensitive IP or assisting external bad actors by providing access to critical systems, a negligent user who is spread too thin and fatigued, a compromised user who has inadvertently given their credentials to a bad actor, or a targeted user who has fallen prey to cybercriminals using social engineering to gain access to systems through impersonation, organizations must prepare for being compromised by users from within.

    Data Loss and Insider Risk Survey Results

    In our survey, we asked about negligent, compromised, and targeted users. Of the respondents, 43% said they have seen an increase in internal threats or data leaks in the past 12 months, and 66% said they expect to see an increase in data loss at their organization in the next 12 months. Security decision-makers at these organizations reported that an insider-driven data exposure, leak, and theft event would cost an average of $13.9 million.

    Mimecast Threat Intelligence Hub

    Security professionals, executives, and even users who want to stay up to date on the most recent insider and other threats should bookmark the Mimecast Threat Intelligence Hub. There, readers will find the latest intelligence about threats uncovered by Mimecast’s cybersecurity experts.

    In addition to other stories, it currently features a recent successful phishing campaign that leveraged a legitimate CMS to send fraudulent job offer emails from well-known brands.

    More broadly, the industry has experienced other well-known, insider risk-driven cyberattacks: data exposure at Pegasus Airlines due to employee negligence, the Mailchimp triple data breach caused by social engineering, the theft of Slack's code repositories due to a compromised vendor, intellectual property theft by a malicious insider at Yahoo, and a massive data breach by former Tesla employees.

    These stories and others provide insight into the current state of threats organizations are facing.

    The Bottom Line

    While we are seeing great improvements in organizations’ awareness of both external and insider risk as causes of data loss, today’s security teams must remain aware of current known threats and be diligent in discovering new ones. A human risk management platform can give security teams the insight they need to determine which users pose the greatest insider risk. Learn more by reading the full State of Human Risk 2025 report.
