A new report, reveals that nearly two-thirds (61%) of US firms experienced insider-related data breaches in the past two years, averaging eight incidents per organization. These incidents involved both malicious and unintentional insiders and cost organizations an average of $2.7 million each, factoring in regulatory fines, reduced productivity, and loss of sensitive data.

Respondents identified insider-related data leakage (45%) as the most serious file security risk, followed by lack of visibility and control over file access (39%) and malicious files or apps from third-party vendors (33%). Malicious insiders—employees or contractors deliberately stealing or leaking data—were cited as a major concern, while unintentional insiders often exposed data due to negligence or by falling victim to social engineering, such as sharing confidential information on public AI tools.

File storage environments were reported as the most vulnerable (42%), including on-premises tools like SharePoint and NAS devices. This was followed by web file uploads (40%) and web file downloads via SaaS apps or collaboration platforms like Microsoft Teams (39%). Cloud storage solutions (29%) and SaaS applications like Dropbox (23%) also ranked among the riskiest environments.

The study also highlighted organizations’ mixed stance toward generative AI. Nearly a third (29%) of firms have banned GenAI tools, while 19% said they have no plans to adopt them. Only 25% have formal AI usage policies, with another 27% relying on ad hoc approaches. Despite hesitancy, AI is increasingly seen as valuable for security: 33% of organizations have integrated AI into their file security strategies, and 29% plan to do so by 2026. Of those leveraging AI, 59% reported it as highly effective in improving file security maturity, with some already testing or deploying AI for secure file access.