SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Malicious insider threats outpace negligence in Australia

Thu, 5th Mar 2026

Malicious insider incidents are rising faster than negligence-based threats in Australia for the first time, according to new Mimecast research that points to growing exposure across email and collaboration platforms.

Mimecast's latest State of Human Risk Report found 41% of Australian organisations reported an increase in malicious insider incidents over the past year, compared with 38% reporting a rise in negligent incidents. Insider risk has historically focused on accidental employee mistakes such as misdirected emails or mishandled data.

The results suggest organisations may need to rethink internal risk, with deliberate misuse of access now reported more often than user error. The findings also align with broader concern about AI-driven threats and gaps between awareness programmes and technical controls.

The report is based on a survey of 2,500 IT security and IT decision-makers across nine countries, including 250 in Australia. All organisations surveyed had more than 250 employees and more than 250 email users. Sectors covered included financial services, healthcare, technology, manufacturing, retail, the public sector, energy, and media.

Cost and volume

Globally, organisations reported an average of six insider-driven incidents per month. Mimecast estimated the cost at AUD $18.4 million per incident, and found 66% of organisations expect insider-related data loss to increase over the next 12 months.

In Australia, the report also highlighted uncertainty about readiness as threats become harder to separate into internal and external categories. Credentials can remain valid even when intent is not, and access rights can persist long after job roles change.

John Taylor, Mimecast's Field Chief Technical Officer for APAC, said organisations are seeing more cases where insiders are used to bypass established security controls.

"We're seeing a concerning acceleration in malicious insider threats across Australia. While negligence has traditionally been the primary insider concern, intentional betrayal is now growing at a faster rate. 41% of organisations reported increases in malicious insider activity versus 38% for negligence. This represents a fundamental shift. Additionally, attackers are seeing an opportunity to increasingly exploit insiders as a deliberate entry point to bypass perimeter defenses entirely."

AI pressure

The research also found a strong expectation that AI will feature more heavily in attacks, alongside doubts about preparedness. In Australia, 68% of security leaders said AI attacks against their organisation are inevitable within 12 months, while 52% said they are not fully prepared.

The report described AI as a factor that can increase the speed and scale of attacks, citing more convincing social engineering messages and automated reconnaissance. It also raised the prospect of AI being used to help recruit insiders.

Taylor said older assumptions about a clear boundary between internal and external users no longer match how organisations operate, particularly with distributed workforces and widespread cloud adoption.

"The historical hard network boundary is long gone, so organisations need adaptive controls that identify high-risk actions in real-time and create friction when someone accesses data they shouldn't, regardless of whether they have valid credentials, or are 'internally' or 'externally' located. As AI makes it easier for insiders to exfiltrate data at scale, security must meet users at the point of risk."

Native controls

The report also pointed to a widening gap between where people work and how organisations secure those environments, as employees operate across email, collaboration platforms, internal communications tools, and GenAI services.

In Australia, 38% of organisations said they rely solely on native security controls for collaboration tools. At the same time, 61% said those controls are not sufficient against current threats. Elsewhere, Mimecast cited 64% on the same question, suggesting broad agreement that built-in protections are falling short.

The research suggests this reliance persists even as attackers combine multiple techniques across different channels. It also identified complexity as a barrier, with 67% of Australian organisations saying security tool integration is overly complicated.

Governance gaps

Governance and compliance over communications data emerged as another concern. Mimecast found 91% of Australian organisations face challenges maintaining governance and compliance across communications data, and 53% lack confidence in quickly locating data to meet regulatory or legal requirements.

These issues can slow incident response by delaying investigations and limiting the ability to reconstruct timelines across messaging platforms, email, and file stores. They can also increase risk during regulatory inquiries when organisations must produce relevant records quickly.

Taylor said visibility is central to improving governance, culture, and response.

"The base principle is that visibility is key. By achieving end-to-end visibility, the three key areas of governance, cyber culture/awareness and incident response will mature as organisations are able to react strategically and operationally to the right things."

Training and monitoring

The report also described a disconnect between awareness initiatives and technical monitoring. Only 28% of respondents said they coordinate security training with continuous monitoring, pointing to a gap between people-focused and technology-focused controls.

It also found organisations that integrate controls report operational improvements, with 40% citing faster threat remediation, better visibility, and improved compliance readiness. However, many remain constrained by tool sprawl and limited correlation across email, collaboration tools, and data repositories.

Taylor said this separation limits how quickly organisations can act when risk signals emerge.

"Only 28% of organisations combine both regular security awareness training and continuous monitoring. This means when a high-risk user is identified through behavioural analytics, that intelligence doesn't automatically trigger coordinated responses across access controls, data loss prevention, and monitoring systems."

Overall, the report suggests Australian security teams are preparing for a landscape where insider activity, AI-driven attacks, and weak governance across communications systems increasingly intersect, adding pressure to tighten oversight of collaboration and messaging data over the next year.