Cybersecurity has long focused on external attackers. But new research suggests the real risk may already be inside the building.
According to Mimecast’s latest State of Human Risk Report, 46% of South African organisations say malicious insider incidents have increased over the past year. For the first time, deliberate insider threats now match accidental mistakes as a primary security concern.
No ad to show here.
The shift signals a deeper change in the cyber threat landscape. Human behaviour is now a central vulnerability in enterprise security.
The Rise Of The Insider Threat
Historically, many security incidents were caused by human error. Employees clicked phishing links, mishandled sensitive files, or misconfigured systems. But the new research indicates a growing trend toward intentional insider activity. Across South Africa, the proportion of organisations reporting malicious insider incidents now equals those reporting negligent mistakes, both at 46%. Globally, the concern around malicious insiders has risen sharply from 33% in 2024 to 42% in 2026.
The financial impact is significant. Organisations surveyed reported an average of six insider-related incidents per month. The estimated cost of a single insider-driven breach can reach $13.1 million. As companies become more digitally interconnected, a single compromised employee account can expose massive volumes of sensitive data.
AI Is Changing The Threat Landscape
Artificial intelligence is emerging as a major accelerator of insider threats. Security leaders increasingly believe AI-driven attacks are unavoidable. According to the study, 69% of security decision makers expect AI-powered cyber attacks to target their organisations within the next 12 months. Yet many businesses remain unprepared. Globally, 60% of organisations say they are not fully ready to defend against AI-driven threats. Attackers are already using AI to automate reconnaissance, generate convincing phishing messages and manipulate employees through highly personalised social engineering.
For malicious insiders, these tools make data exfiltration faster and harder to detect. AI can analyse large datasets, identify valuable information and automate extraction processes that previously required manual effort.
Collaboration Tools Expand The Attack Surface
The modern workplace has dramatically expanded the digital attack surface. Employees now work across email platforms, collaboration tools, messaging systems and increasingly generative AI interfaces. Each platform creates new opportunities for security gaps. Despite this growing complexity, many organisations still rely heavily on built-in platform security.
In South Africa, 38% of organisations rely solely on native security controls for collaboration tools. Yet 62% of respondents acknowledge those controls are insufficient to defend against modern threats. This mismatch creates an environment where attackers can exploit gaps between systems.
Governance And Compliance Challenges
Another major concern raised by the research is governance over communications data. More than 90% of South African organisations say they struggle to maintain compliance and governance across communication channels. Many also lack confidence in their ability to quickly locate data when required for legal or regulatory purposes. That creates potential regulatory exposure.
As data protection frameworks strengthen globally, organisations may face increased scrutiny around how they monitor communications, store sensitive data and investigate breaches. In South Africa, this intersects with compliance requirements under legislation such as the Protection of Personal Information Act.
Fragmented Security Is The Real Weakness
The study highlights a critical structural problem in many organisations. Security awareness programmes often operate separately from monitoring systems and access controls. Training might identify risky behaviour patterns, but those insights rarely feed directly into technical controls. Only 28% of organisations combine security awareness training with continuous behavioural monitoring.
This disconnect allows attackers to move across systems that do not share intelligence. In contrast, organisations that successfully integrate their security tools report faster incident response, improved threat visibility and stronger compliance readiness.
Human Risk Is Now A Core Security Challenge
The findings point toward a broader shift in cybersecurity thinking. For years, security investments focused on building stronger technological barriers around networks. Firewalls, endpoint protection and intrusion detection systems formed the first line of defence. But modern attacks increasingly target human behaviour rather than infrastructure.
Employees interact with data, applications and systems every day. That makes them both a potential vulnerability and a critical line of defence. Addressing insider risk now requires a coordinated approach that combines technology, behavioural analytics and governance.
Rethinking Security In The AI Era
As AI accelerates the pace and sophistication of cyber attacks, organisations face a new challenge. Security strategies must move beyond isolated tools toward integrated visibility across communications platforms, collaboration systems and data repositories. Behavioural analytics, automated monitoring and coordinated response systems are becoming essential components of enterprise defence.
The message from the research is clear. Cybersecurity is no longer only about protecting networks. It is about understanding and managing human behaviour within increasingly complex digital environments.
And in the AI era, that human factor may prove to be the most difficult security risk to control.
