Financial services firms faced an average annual insider-risk cost of $23.1 million in 2025, the third-highest among industries and well above the global average of $19.5 million, as employee negligence and shadow AI drove losses higher. The figure climbed from $20 million in 2024, according to the 2026 Cost of Insider Risks Global Report by Ponemon Institute and DTEX.
The study, based on 354 organisations that each experienced at least one material insider incident, found that financial services accounted for 14% of participants - the largest industry share. Across all sectors, insider incidents now cost organisations $19.5 million a year on average, up from $17.4 million in 2024.
Negligence and credential theft drive losses
Organisations faced an average of 25.4 insider incidents in 2025. Negligent or mistaken employees and contractors were the biggest source, making up 53% of the 7,490 cases reviewed. Malicious or criminal insiders accounted for 27%, while credential theft victims - labeled "outsmarted insiders" - represented 20%.
Negligence also caused the largest financial damage. Losses tied to negligent or mistaken insiders hit $10.3 million annually, a 17% increase from the previous year. The average negligent insider incident cost $747,107.
Shadow AI widens the risk surface
Employees are routinely feeding internal documents, legal materials, source code, architecture diagrams and business strategies into generative AI tools without security oversight, DTEX said. The firm identified tools such as ChatGPT, Claude, Gemini, Perplexity and Grok AI as common destinations for this data.
"The common pattern is workers using AI and other tools to move faster, while companies lack visibility into what data is being shared and where it goes," the report noted. The risk is not primarily from malicious intent.
AI governance remains thin across the sector. While 92% of organisations said generative AI has changed how employees access and share information, only 13% have formally adopted AI into their business strategies. 73% said unauthorised AI use is creating hidden data-loss paths, yet just 18% have fully integrated AI governance into insider risk programs.
Containment delays and rising budgets
Organisations took an average of 67 days to contain an insider incident in 2025. Incidents resolved in under 30 days cost an average of $14.2 million per year, while those dragging beyond 90 days pushed costs to $21.9 million.
Companies are spending more to manage the problem. Insider risk management accounted for 19% of IT security budgets in 2025, up from 8.2% in 2023. 64% of organisations increased their insider-risk budgets in 2025, and 70% expect further rises in 2026.
The data types most often exposed included non-sensitive data (51%), personally identifiable information (48%), intellectual property (46%), payment card data (38%), authentication credentials (33%) and corporate financial data (21%). Two tools generated the largest cost savings: privileged access management, at $6.1 million, and user behaviour analytics, at $5.1 million. Organisations with active insider risk management programmes avoided an average of seven incidents a year and saved about $8.2 million in breach costs.
Why this matters for finance professionals
Rising insider costs and uncontrolled AI tool adoption mean finance teams must push for stronger data governance, tighter access controls, and clear policies around AI use. With credential theft and negligence topping incident causes, regular training and behaviour monitoring are no longer optional - they are cost-saving measures that directly protect the bottom line.