MELBOURNE, AUSTRALIA, 5^th March, 2026 – Mimecast, a global leader in managing human risk, today released its 9th annual State of Human Risk Report, revealing that 41% of Australian organisations reported an increase in malicious insider incidents over the past year, surpassing the 38% reporting a rise in negligent incidents. This marks the first time growth in intentional insider threats has outpaced accidental employee errors.

This parity represents a fundamental shift in enterprise security where intentional betrayal by employees is now a primary security concern.

Globally, organisations reporting increases in malicious insider concerns jumped nearly 10 percentage points over two years up from 33% in 2024 to 41% in 2026. The global study of 2,500 IT security and IT decision makers, including 250 in Australia, also quantifies the financial toll – organisations experience an average of six insider-driven incidents per month at an estimated cost of AUD$18.4 million per incident, while 66% expect insider-related data loss to increase over the next 12 months.

The study explored dozens of facets of securing human risk and some of the other key findings include:

• AI threat preparation lags despite inevitable attacks – Sixty-eight percent of Australian security leaders say AI attacks against their organisation are inevitable within 12 months, yet 52% are not fully prepared.
• Critical coordination gap undermines defenses – Just 28% of respondents coordinate security training with continuous monitoring. This critical coordination gap undermines defenses, leaving people-focused and technology-focused initiatives disconnected.
• Expanding attack surface meets inadequate native security – As threats expand across email, collaboration platforms, and internal communications, 38% of Australian organisations remain reliant solely on native security controls — tools that 61% of respondents acknowledge are not up to the task.
• Governance failures create regulatory time bomb – Ninety-one percent face challenges maintaining governance and compliance over communications data. Fifty-three percent lack confidence in quickly locating data to meet regulatory or legal requirements.

“We’re seeing a concerning acceleration in malicious insider threats across Australia,” said John Taylor, Field Chief Technical Officer, APAC at Mimecast. “While negligence has traditionally been the primary insider concern, intentional betrayal is now growing at a faster rate. 41% of organisations reported increases in malicious insider activity versus 38% for negligence. This represents a fundamental shift. Additionally, attackers are seeing an opportunity to increasingly exploit insiders as a deliberate entry point to bypass perimeter defenses entirely.”

“The historical hard network boundary is long gone, so organisations need adaptive controls that identify high-risk actions in real-time and create friction when someone accesses data they shouldn’t, regardless of whether they have valid credentials, or are ‘internally’ or ‘externally’ located. As AI makes it easier for insiders to exfiltrate data at scale, security must meet users at the point of risk.”

“The base principle is that visibility is key.  By achieving end-to-end visibility, the three key areas of governance, cyber culture/awareness and incident response will mature as organisations are able to react strategically and operationally to the right things.”

John Taylor, Field Chief Technical Officer, APAC at Mimecast

AI: The accelerant across an expanding attack surface

The attack surface is rapidly expanding as employees work across email, GenAI platforms, and collaboration tools, yet security strategies have failed to keep pace.  Native security controls are falling short: 38% of Australian organisations rely on them exclusively for collaboration tools, even as 64% admit they are insufficient against modern threats.

At the same time, AI is emerging as a force multiplier for both external attackers and malicious insiders. Sixty-eight percent of security leaders say AI attacks are inevitable within 12 months, yet 52% are not fully prepared. Attackers use AI to recruit insiders, craft convincing social engineering attacks, and automate reconnaissance.

Governance, visibility, and the compliance time bomb

Ninety-one percent of Australian organisations face challenges maintaining governance and compliance over communications data, limiting their ability to detect, investigate, and respond to incidents effectively. Fifty-three percent lack confidence in quickly locating data to meet regulatory or legal requirements – a regulatory time bomb as compliance requirements intensify.

Fragmented defenses, coordinated threats

A dangerous irony undermines defense efforts: 67% of Aussie organisations find security tool integration overly complicated, while attackers face no such constraints. Whilst the same old base attack categories are leveraged, modern attack chains seamlessly combine CAPTCHA-protected phishing, embedded JavaScript, and legitimate remote management tools, exploiting the gaps between disconnected security controls.

“Only 28% of organisations combine both regular security awareness training and continuous monitoring,” John adds. “This means when a high-risk user is identified through behavioural analytics, that intelligence doesn’t automatically trigger coordinated responses across access controls, data loss prevention, and monitoring systems.”

However, those who successfully integrate are reporting dramatic benefits: 40% achieve faster threat remediation, comprehensive visibility, and improved compliance readiness. The challenge isn’t whether integration delivers value, it’s that most organisations remain constrained by tool sprawl, unable to correlate threats across email, collaboration platforms, and data repositories.

The path forward: coordinating for human risk

Organisations can no longer treat their communication channels, collaboration platforms, and employee behaviors as isolated security concerns, nor rely on native controls that were never designed to stop human-targeted attacks at scale. Addressing human risk means meeting people where they are – in their inboxes, their workflows, and their daily decisions – with a holistic strategy that spans the full threat landscape.

The solution requires coordinated action across four dimensions:

1. Integrated visibility across all communication and collaboration channels
2. Behavioural analytics and security behavior management that identify high-risk users and anomalous activity patterns while driving measurable change in how employees respond to threats
3. Data governance and protection that safeguards sensitive information regardless of where it resides or how it moves
4. Coordinated response that connects people-focused and technology-focused security controls

Organisations that address these requirements will detect and prevent insider threats before costly breaches occur. Those that maintain fragmented approaches will see security spending rise while protection effectiveness declines.

Download the 2026 State of Human Risk Report at: https://www.mimecast.com/resources/ebooks/state-of-human-risk/

 RESEARCH METHODOLOGY

Mimecast commissioned Vanson Bourne to survey 2,500 IT security and IT decision makers across nine countries in November and December 2025. 250 of those decision makers were in Australia. All organisations surveyed had more than 250 employees and more than 250 email users. Organisation sizes ranged from 250 to over 10,000 employees.

Geographic Coverage: United States (500), United Kingdom (300), Germany (300), France (300), Spain (200), Italy (200), South Africa (200), Singapore (250), Australia (250)

Sectors Covered: Financial services, healthcare (public and private), IT/technology/telecoms, manufacturing, retail, public sector, energy/utilities, business services, construction, consumer services, media/entertainment

About Mimecast

Mimecast is a global cybersecurity and data governance leader redefining how organizations secure human risk. Its AI-powered, API-enabled connected human risk platform is purpose-built to protect organizations from the spectrum of cyber threats. Integrating cutting-edge technology with human-centric pathways, our platform provides enhanced visibility and strategic insight.

By enabling decisive action and empowering businesses to protect their collaborative environments, our technology safeguards critical data and actively engages employees in reducing risk and enhancing productivity. More than 42,000 businesses worldwide trust Mimecast to help them keep ahead of the ever-evolving threat landscape.

From insider risk to external threats, customers get more with Mimecast. More visibility. More agility. More control. More security.

Mimecast and the Mimecast logo are either registered trademarks or trademarks of Mimecast Services Limited in the United States and/or other countries. All other third-party trademarks and logos contained in this press release are the property of their respective owners. The use of the word ‘partner’ does not imply a partnership relationship between Mimecast and any other company.