Mimecast says APAC organisations face more insider-driven cyber incidents than peers in the US and Europe
Mimecast says APAC firms face more insider-driven cyber incidents per month than peers in North America and Europe
Organisations in Asia Pacific are facing insider-driven cyber incidents more frequently than peers in North America and Europe, according to new research from Mimecast, which points to repeated exposure rather than higher per-incident cost as the main pressure point.
Mimecast’s State of Human Risk 2026 study found that APAC organisations record an average of around eight insider-driven data exposure, loss, leak or theft incidents each month. That compares with about six incidents per month in Europe, the Middle East and Africa, and five in North America. The company said the average cost per insider-driven incident remains broadly similar across regions at around US$13.1 million.
Higher incident volume in APAC
The report describes insider-driven incidents as a recurring risk tied to compromised credentials, negligent actions and inadvertent employee mistakes. In APAC, Mimecast said the issue is intensified by how often these incidents occur, particularly for organisations operating at scale.
The study found that 64% of APAC respondents expect insider-driven data loss to increase at their organisation over the next 12 months. Mimecast linked that expectation to increasingly complex working environments, including large workforces, distributed teams and high volumes of daily communication and data exchange.
According to the company, those conditions increase the number of opportunities for insider-driven exposure and make the issue harder to reduce to a single technical weakness. The findings also indicate that the higher incident rate in APAC adds pressure to security teams, incident response processes and governance structures over time.
Nicky Choo, Vice President and General Manager, APAC, Mimecast, said the gap is defined by frequency rather than severity. “What differentiates APAC is not that insider-driven incidents are more costly than elsewhere, but that they are happening more often,” said Choo. “When organisations are dealing with insider incidents on a recurring basis, the cumulative impact on operations, customer trust and regulatory exposure becomes significant. This reinforces that human-driven cyber risk is not an abstract problem, it is an ongoing business challenge for organisations across the region.”
Detection efforts are expanding
Mimecast said 53% of APAC organisations are already using AI-driven behavioural or sentiment analysis to identify potential insider threats. The figure points to a growing effort to detect suspicious activity linked to human behaviour, rather than relying only on traditional security controls.
The company said insider risk is increasingly shaped by the interaction between people, processes and visibility across digital systems. As organisations expand and adopt new ways of working, that combination can widen exposure across everyday operations.
Mimecast added that sustained incident frequency can lead to greater regulatory scrutiny, longer operational disruption and weaker stakeholder confidence, even if the cost of individual incidents remains similar across regions.
