Insider threats, supercharged by artificial intelligence (AI), set for explosive Growth in the Asia Pacific and Japan (APJ), Exabeam research showed recently.

Exabeam said in a statement that based on a global survey of 1,010 cybersecurity professionals across key sectors, its research reveals that insider threats have overtaken external attacks as the top security concern, with AI accelerating the shift.

The APJ region stands out globally in insider risk awareness, with 69 percent expecting insider threats to grow in the next 12 months.

One in two (53 percent) APJ respondents now view insiders, whether malicious or compromised, as a greater risk than external actors.

Generative AI (GenAI) is a major driver of insider threats, as it makes attacks faster, stealthier, and more difficult to detect.

“Insiders aren’t just people anymore. They’re AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed,

“The question isn’t just who has access — it’s whether you can spot when that access is being abused,” said Steve Wilson, Chief AI and Product Officer at Exabeam.

According to the statement, insider activity is intensifying across industries, driven by both malicious intent and accidental compromise.

Over the past year, three in five APJ organizations (60 percent) have seen a measurable increase in insider incidents.

This surge is not uniform; risk trajectories vary sharply by geography and sector.

APJ leads in projected insider threat growth (69 percent), reflecting heightened awareness of identity-driven attacks.

The Middle East stands apart, with nearly one-third (30 percent) anticipating a decrease, a signal of either stronger confidence in current defenses or a potential underestimation of evolving risks.

These contrasts underscore the complexity of the insider threat landscape and the need for defense strategies that align with regional realities.

It is noted AI has become a force multiplier for insider threats, enabling actors to operate with unprecedented efficiency and subtlety.

These attacks can adapt in real time, mimic legitimate communications, and exploit trust at a scale and speed human adversaries cannot match.

In APJ, 75 percent of respondents acknowledge that AI is increasing the effectiveness of insider attacks.

In particular, AI-enhanced phishing and social engineering (31 percent) emerged as the most concerning threat vector, followed by privilege misuse or unauthorized access (18 percent) and data exfiltration (17 percent).

Meanwhile, unauthorized GenAI use compounds the challenge, creating a dual-risk scenario where the same tools meant to boost productivity can be repurposed for malicious activity.

64 percent of APJ organizations reported some level of unapproved GenAI tool usage by employees, with 12 percent indicating this as the top insider concern.

Globally, the convergence of insider access and AI capabilities is producing threats that evade traditional controls and demand more advanced behavioral detection.

While 82 percent of APJ organizations say they have insider threat programs, most lack the behavioral analytics needed to catch abnormal activity early.

Less than half of them (37 percent) use user and entity behavior analytics (UEBA), the foundational capability for insider threat detection.

Many continue to rely on identity and access management, security training, data loss prevention (DLP), and endpoint detection and response (EDR), tools that provide visibility but not the behavioral context necessary to spot subtle or emerging risks.

Meanwhile, AI adoption is widespread, with most APJ (94 percent) organizations using some form of AI in their insider threat tooling, yet governance and operational readiness lag far behind.

More than half of executives (55 percent) globally believe AI tools are fully deployed, but managers and analysts say many are still in pilot or evaluation stages.

Compounding the challenge, security teams face persistent barriers: privacy resistance, fragmented tools, and difficulty interpreting user intent remain major blind spots.

“AI has added a layer of speed and subtlety to insider activity that traditional defenses weren’t built to detect,

“Security teams are deploying AI to detect these evolving threats, but without strong governance or clear oversight, it’s a race they’re struggling to win. This paradigm shift requires a fundamentally new approach to insider threat defense,” said Kevin Kirkwood, CISO, Exabeam.

As insider threats accelerate, driven by AI, identity misuse, and a lack of behavioral visibility, Exabeam noted that organizations that succeed will be those that align leadership priorities with operational reality.

It said progress will come from moving beyond surface-level compliance to approaches that focus on context, accurately distinguish between human and AI-driven activity, and foster collaboration across teams to close visibility gaps.

Bridging this divide requires more than policy changes, and it demands leadership engagement, cross-functional cooperation, and governance models that keep pace with the speed of AI adoption, it noted.

Success will be defined by the ability to shorten detection and response times, reduce the window of opportunity for insider activity, and adapt strategies as threats evolve, it added.

91 percent of ASEAN enterprises expect GenAI disruption within 18 months – study