Organisations across the Asia-Pacific (APAC) region are experiencing insider-driven cyber incidents more frequently than their counterparts in North America and Europe.
This highlights a growing and persistent source of business risk linked to human behaviour, according to new research from Mimecast.
Mimecast commissioned Vanson Bourne to survey 2,500 IT security and IT decision makers across nine countries in November and December 2025. These include the United States, the United Kingdom, Germany, France, Spain, Italy, South Africa, Singapore and Australia.
All organizations surveyed had more than 250 employees and more than 250 email users. Organization sizes ranged from 250 to over 10,000 employees.
Mimecast’s study found that APAC organisations experience an average of around eight insider-driven data exposure, loss, leak or theft incidents per month, compared with approximately six incidents per month in Europe, the Middle East and Africa (EMEA) and five in North America.
While the average cost per insider-driven incident is broadly consistent across regions at around US$13.1 million, the higher frequency of incidents in APAC significantly amplifies cumulative financial, operational and reputational impact.
Insider-driven incidents, which can stem from compromised credentials, negligent actions or inadvertent mistakes by employees, are increasingly being recognised as a regular feature of the cyber threat landscape rather than isolated or exceptional events.
In APAC, the research suggests that the sheer frequency of such incidents is becoming a defining risk factor for organisations operating at scale.
The study also found that 64% of APAC respondents expect insider-driven data loss to increase at their organisation over the next 12 months, indicating growing concern that existing controls may struggle to keep pace with the complexity of modern working environments.
Large workforces, distributed teams and high volumes of daily communications are expanding the number of opportunities for insider-driven exposure.
Over half (53%) of APAC organisations are already using AI-driven behavioural or sentiment analysis to identify potential insider threats, reflecting growing efforts to detect suspicious activity linked to human behaviour.
“What differentiates APAC is not that insider-driven incidents are more costly than elsewhere, but that they are happening more often,” said Nicky Choo, Mimecast VP and general manager in APAC.
“When organisations are dealing with insider incidents on a recurring basis, the cumulative impact on operations, customer trust and regulatory exposure becomes significant. This reinforces that human-driven cyber risk is not an abstract problem, it is an ongoing business challenge for organisations across the region,” said Choo.
Also, APAC organisations are operating within increasingly complex digital environments characterised by large, distributed workforces and high volumes of day-to-day communication and data exchange.
As organisations grow and adopt new ways of working, insider risk is being shaped less by single points of failure and more by the interaction between people, processes and visibility across digital systems.
The findings indicate that while organisations globally face similar per-incident costs when insider-driven incidents occur, APAC’s elevated incident frequency places additional pressure on security teams, incident response processes and governance structures.
Over time, this can translate into greater exposure to regulatory scrutiny, prolonged operational disruption and erosion of stakeholder confidence.
