Australian cyber teams warn AI fuelling rise in insider threats

New research indicates that the majority of Australian cybersecurity professionals believe artificial intelligence is significantly increasing the effectiveness of insider threats, and that incidents are set to rise in the coming year.

Findings from the Exabeam report "From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk" show 82% of Australian respondents say AI is making insider threats more effective, while 84% expect the number of incidents to increase over the next twelve months.

The research draws on a global survey of 1,010 cybersecurity professionals spanning multiple sectors. Their responses suggest a shift in the perceived threat environment, with insider risks now overtaking external attacks as the primary security concern, in large part due to advancements in AI capabilities.

AI's role in insider threat evolution

Generative AI and related technologies are driving this trend, making attacks quicker, less detectable, and more challenging for current defences. The report notes that Australian organisations are at the forefront of insider risk awareness, with 58% now viewing insiders - whether intentionally malicious or inadvertently compromised - as presenting a greater risk than external actors.

"Insiders aren't just people anymore. They're AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed. The question isn't just who has access - it's whether you can spot when that access is being abused," said Steve Wilson, Chief AI and Product Officer at Exabeam.

Specific concerns highlighted by respondents include AI-enhanced phishing and social engineering, with 28% identifying it as Australia's top threat vector. This was followed by privilege misuse or the use of unapproved generative AI tools (22%), and privilege misuse or unauthorised access (16%).

Detection and defence challenges

The research further shows that while 84% of Australian organisations claim to have insider threat programmes in place, most lack access to the behavioural analytics needed for early detection of abnormal activity. Only 34% reportedly use user and entity behaviour analytics (UEBA), which is viewed as a foundational capability for effective insider threat detection.

Many organisations still depend on solutions such as identity and access management, security training, data loss prevention, and endpoint detection and response. While these tools provide some visibility, the report warns they often miss the nuanced, behavioural context required to uncover emerging or subtle insider risks.

Usage of AI in insider threat detection is relatively high, with 94% of Australian organisations applying some form of AI tooling. However, there is a marked gap between deployment and operational readiness, particularly in governance and oversight. According to Exabeam's findings, over half (55%) of executives globally believe their AI tools are fully deployed, but that view is not always shared by managers and analysts, who report that many implementations remain at the pilot or evaluation stage.

"AI has added a layer of speed and subtlety to insider activity that traditional defences weren't built to detect. Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it's a race they're struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defence," said Kevin Kirkwood, CISO, Exabeam.

Rise of unapproved generative AI tools

The challenge is compounded by the unauthorised use of generative AI tools within organisations. According to the survey, 72% of Australian organisations reported some level of unapproved generative AI tool usage by employees, with 22% flagging this as their top concern in the context of insider risks.

The report identifies a dual-risk scenario in which generative AI tools intended to boost productivity are also being used for potentially malicious activity by insiders. The blending of insider access with AI's capabilities is producing threats that more frequently evade traditional security controls and highlight dependence on more sophisticated, behaviour-oriented approaches.

Regional differences

Although Australia demonstrates high awareness and anticipates continued growth in insider threats, there are marked regional variations. The Asia Pacific and Japan region leads in projected growth (69%), whereas in the Middle East, almost one-third of respondents (30%) anticipate a decrease. The report suggests this discrepancy may result from either greater confidence in existing security controls or a potential underappreciation of emerging risks.

Adapting to a changing threat landscape

The Exabeam report concludes that organisations facing accelerating insider threats must adapt by aligning leadership priorities with operational realities and moving beyond base-level compliance. Success depends on strategies that can accurately distinguish between human and AI-driven activity, improve behavioural visibility, and encourage collaboration between teams to close visibility gaps.

Bridging this divide, according to the report, requires leadership engagement, cross-functional cooperation, and governance models capable of keeping pace with the rapid adoption of AI. Organisations should focus on enhancing their ability to detect and respond quickly to threats, reducing the window of risk, and refining strategies to keep up with threat evolution.