Shadow AI-related negligence drives insider risk costs

Organizations have lost $19.5 million on average due to insider risk incidents last year, with 53% or $10.3 million associated with employee negligence concerning shadow AI, Infosecurity Magazine reports.

Data theft, fraud, and other illicit incidents, as well as phishing intrusions, accounted for the remainder of insider risk losses disclosed by businesses, according to a DTEX-commissioned report conducted by the Ponemon Institute. Shadow AI, file-sharing sites, and personal webmails have led to a 17% year-over-year increase in employee negligence-related costs. While 44% of IT and security practitioners noted that illicit agent usage will moderately or significantly raise the odds of data theft, less than a fifth have regarded AI agents as human insiders.

Despite concerns regarding the risk of AI agents, nearly a fifth have integrated such tools into daily workflows. Increased utilization of behavioral analysis has also prompted average insider incident containment duration to decline from 86 days to 67 days. Organizations' chief information security officers have been advised to not only adopt behavioral intelligence and identity-focused security, but also defensive AI and governance and data classification mechanisms, while considering AI as an operational insider.