Unapproved GenAI usage rates are highest in technology (40%), financial services (32%), and government (38%).

AI-enhanced phishing and social engineering are the most concerning tactics (27%) for insider threats.

73% of security leaders report analyst burnout and staffing shortages.

72% of CISOs are prioritising faster investigations.

The U.S. and U.K. together represent over 70% of ransomware attacks.

Alert fatigue is now a top challenge for 76% of SOCs.

53% of cybersecurity professionals expect insider threats to increase.

Healthcare expects a 53% rise in insider threats.

Almost all (97%) of major U.S. banks experienced third-party breaches in 2024.

Over the past year, more than half of organisations (53%) have seen a measurable increase in insider incidents.

64% of cybersecurity professionals view insiders (whether malicious or compromised) as a greater risk than external actors.

88% of organisations state they have insider threat programmes.

Targeted intrusions against financial institutions increased by 109% year-over-year.

Comprehensive security awareness training can reduce phishing susceptibility to below 5%.

74% of cybersecurity professionals report that AI is making insider threats more effective.

Only 31% of security leaders use AI-powered SOC tools across core detection and response workflows.

Just 44% of organisations use user and entity behaviour analytics (UEBA) for insider threat detection.

97% of organisations use some form of AI in their insider threat tooling.

78% of security leaders identify social engineering and phishing as their top threat.

Two of the top three current insider threat vectors are now AI-related.