More than 55% of organisations lack dedicated strategies to address AI-driven cyber threats, according to new research by Mimecast. Based on a global survey of 1,100 IT security professionals, the cybersecurity firm’s latest ‘State of Human Risk’ report highlights growing concerns over AI-related vulnerabilities, insider threats, and cybersecurity budget gaps.

The report finds that 96% of organisations say adopting a formal cybersecurity strategy has improved their risk posture. However, security leaders continue to face an increasingly complex threat landscape, with AI-driven attacks and insider risks adding new challenges.

“Despite the complexity of challenges facing organisations—including increased insider risk, larger attack surfaces from collaboration tools, and sophisticated AI attacks—organisations are still too eager to simply throw point solutions at the problem,” said Mimecast’s human risk strategist VP, Masha Sedova. “With short-staffed IT and security teams and an unrelenting threat landscape, organisations must shift to a human-centric platform approach that connects the dots between employees and technology to keep the business secure.”

The report shows that 95% of organisations use AI for threat detection, endpoint protection, and insider risk analysis, yet 81% worry about data leaks from generative AI (GenAI) tools. Over half lack clear strategies to counter AI-driven attacks, and 46% are not confident in their ability to defend against AI-powered phishing and deepfake threats.

Insider security incidents have risen by 43%, with 66% of IT leaders expecting data loss from internal sources to increase over the next year. The report estimates the average cost of insider-driven data breaches, leaks, or theft at $13.9 million per incident. Additionally, 79% of organisations believe that the growing use of collaboration tools has introduced new security risks, increasing exposure to both intentional and accidental data breaches.

Cybersecurity budgets rising but falling short

Despite 85% of organisations increasing their cybersecurity budgets, funding gaps remain. 61% say budget constraints hinder efforts to address emerging threats and implement AI-driven security solutions. The report highlights the need for additional investment in cybersecurity staffing, third-party security services, collaboration tool security, and email security.

Although 87% of organisations conduct quarterly cybersecurity training, 33% of IT leaders remain concerned about employees mishandling email threats, while 27% cite fatigue as a key security risk. 95% of organisations expect email security challenges to persist in 2025, as phishing attacks continue to exploit human vulnerabilities.

Collaboration tools continue to expand attack surfaces, with 44% of organisations reporting an increase in cyber threats from these platforms. 61% believe a cyberattack involving collaboration tools could disrupt business operations in 2025, raising concerns over data integrity and compliance risks.

The report highlights a shift from traditional security awareness training to proactive Human Risk Management, noting that just 8% of employees are responsible for 80% of security incidents. Organisations are adopting AI-driven monitoring and behavioural analytics to detect and mitigate threats early. 72% of security leaders see human-centric cybersecurity solutions as crucial over the next five years, indicating a move toward advanced threat detection and risk mitigation strategies.
