cyber
TRENDS
Traditional DLP tools are often at the core of this challenge. Once the cornerstone of data protection, they are losing effectiveness in today’ s hybrid environments. Fewer than half of respondents reported that their DLP tools meet current needs, citing limited behavioural context due to the lack of visibility into user interactions with sensitive data as the primary gap.
This lack of context leads to a false sense of security: alerts fire off, dashboards fill with activity, but without visibility into user behaviour, teams are left guessing which actions are risky and which are routine.
Understanding what’ s being exposed
The report also revealed the types of sensitive data most often at risk. Customer records( 53 %) and personally identifiable information( 47 %) topped the list, followed by business-sensitive plans( 40 %), user credentials( 36 %) and intellectual property( 29 %).
For industries that depend heavily on innovation such as manufacturing, technology and biotech, exposure of intellectual property can have lasting consequences. Even a single incident, such as an employee copying proprietary designs into a public Generative AI prompt, can erode years of competitive advantage.
The critical takeaway is that most insider incidents are not malicious breaches but rather small oversights that accumulate. Everyday behaviour such as sharing documents, experimenting with Generative AI tools or uploading to personal cloud storage creates opportunities for data loss that legacy controls cannot interpret in context.
How organisations are responding
The good news is that organisations are responding. Seventy-two percent of those surveyed reported that their budgets for insider risk programmes are increasing. More importantly, they are investing in capabilities that combine visibility, analytics and automation to identify risk before data leaves the environment.
The report outlines five practices common to more mature programmes:
• Establish visibility early – ensure that monitoring across users, devices, SaaS and Generative AI begins at deployment, not months later.
• Analyse behaviour, not just movement – go beyond file transfers to detect unusual access patterns or misuse of sensitive data.
• Extend protection to everyday tools – email, collaboration apps and personal cloud accounts remain the most common points of egress.
• Align security and governance teams – shared workflows between security, IT, HR and legal teams enhance detection and response capabilities.
• Adopt adaptive controls – replace static enforcement with automated, context-aware policies that respond to behaviour in real time.
Organisations following these steps report stronger detection, fewer false positives and improved collaboration across departments.
The shift to behaviour-aware security
The report also shows a clear movement towards behaviour-aware, AI-ready platforms that integrate insider risk management with data protection. Two-thirds( 66 %) of respondents cited real-time behavioural analytics as a top priority for their nextgeneration solutions.
This shift reflects a broader mindset change: insider risk is not just a compliance issue but a dynamic security problem that demands context. By understanding why data is being accessed – not just what is being moved – organisations can take targeted action to prevent harm before it occurs.
Benchmark and build next steps
The 2025 Insider Risk Report provides a valuable benchmark for understanding where organisations stand when it comes to managing insider risk. It also highlights practical ways to strengthen insider risk management programmes without disrupting productivity.
From addressing visibility gaps to re-evaluating DLP strategies, the report provides a roadmap for striking a balance between user freedom and effective data protection.
54 WWW. INTELLIGENTCISO. COM