61% of US Companies Hit by Insider Data Breaches

by CybrGPT

Nearly two-thirds (61%) of US firms have suffered from insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute.

Affected businesses have had an average of eight insider incidents that resulted in unauthorized access to sensitive and confidential data in files.

These relate to both unintentional and malicious insider activities.

The average cost of insider incidents per organization is $2.7m, with financial impacts made up of factors like regulatory fines, diminished workplace productivity and loss of customer data.

The US IT and IT security practitioners surveyed for the study cited data leakage from malicious and unintentional insiders as the most serious risk to file security at their organization (45%).

This was followed by file access visibility and control (39%) and malicious files and applications from third-party vendors (33%).

Malicious insiders are employees or contractors who deliberately steal or leak data from their employer for purposes such as sabotage and financial gain.

Unintentional insiders are staff who unwittingly leak data through negligence or after being duped by malicious actors. An example of this is posting sensitive commercial or customer data on public-facing AI tools.


File Storage Tools the Most Vulnerable Environment

File storage environments were considered the location that poses the biggest threat to data, cited by 42% of respondents. This includes on-prem environments such as SharePoint and network-attached storage (NAS) devices.

The next riskiest environment was web file uploads (40%), followed by web file downloads from websites or software-as-a-service (SaaS) apps and collaboration platforms (39%), such as Microsoft Teams.

Cloud storage tools, such as Google Workspace, and SaaS applications, such as Dropbox, were cited by 29% and 23% of respondents, respectively, in their top three riskiest data environments.

One in Three Firms Have Banned GenAI

The OPSWAT report, published on September 4, also analyzed organizations’ use of AI tools.

Just under a third (29%) of respondents revealed their organization has banned generative AI tools, while 19% have no plans to adopt them at all.

Just 25% of firms have adopted a formal policy for generative AI use in the workplace, with 27% taking an ad hoc approach.

A significant proportion of respondents highlighted the importance of AI in their file security strategy.

A third (33%) reported that their organization had made AI a part of its file security strategy and 29% plan to add AI into their approach in 2026.

Over half (59%) of the respondents who have made or plan to make AI part of their file security strategy said that AI is very or highly effective in enhancing file security maturity.

Additionally, 29% revealed they are in the testing pilot phase of using generative AI technology to unlock files, while 18% said it is in production.


© 2025 cybrgpt.com – All rights reserved.