According to Mimecast's "State of Human Risk 2026" study, APAC organisations report an average of eight insider-driven data exposure, loss, leak, or theft incidents each month, surpassing the approximately six incidents experienced in Europe, the Middle East, and Africa (EMEA), and five in North America.
While the average cost per incident remains consistent across regions at about $13.1 million, the elevated frequency of such incidents in APAC sharply compounds the financial, operational, and reputational risks faced by businesses.
“What differentiates APAC is not that insider-driven incidents are more costly than elsewhere, but that they are happening more often. The cumulative impact on operations, customer trust, and regulatory exposure becomes significant,” said Nicky Choo, vice president and general manager for APAC at Mimecast.
Alarmingly, 64% of respondents from APAC anticipate an increase in insider-driven data losses within the next year, indicating a growing belief that existing security measures may be insufficient in the face of evolving workplace dynamics. The region's complex digital environments, characterised by large workforces and high volumes of daily communications, create numerous opportunities for insider-driven exposure.
To combat this escalating threat, over half of APAC organisations (53%) are now employing AI-driven behavioural and sentiment analysis tools to identify potential insider threats. This proactive approach reflects a broader commitment to enhancing security measures against human-driven risks.
The findings highlight a critical need for organisations to evolve their strategies for managing insider risk as a fundamental component of their cyber resilience. As APAC continues to adapt to new working paradigms, ensuring comprehensive visibility and robust incident response processes will be essential for maintaining stakeholder confidence and regulatory compliance.
“Organisations need to better understand and manage insider risk,” Choo stated, reinforcing the message that human-driven cyber risk is a pressing ongoing challenge in today’s complex operational landscape.
