
Financial services insider costs hit $23.1m as shadow AI spreads

The sector ranked third amongst industries and exceeded the $19.5m global average.

Financial services firms faced one of the highest insider-risk cost levels in 2025, with average annual costs rising to $23.1m.

The sector, which includes banking, investment management, insurance, brokerage, payments and credit cards, ranked third amongst the industries studied, according to the 2026 Cost of Insider Risks Global Report by Ponemon Institute and DTEX.

Its average cost was above the global cross-industry average of $19.5m. Financial services costs also increased from $20m in 2024.

The report was based on 354 organisations that experienced at least one material insider incident.

Financial services made up 14% of participating organisations, the largest share of any industry in the study.

Across all sectors, insider incidents now cost organisations an average of $19.5m a year, up from $17.4m in 2024. 

The report found that the average organisation had 25.4 insider incidents in 2025.

Negligent or mistaken employees and contractors were the biggest source of insider incidents. 

They accounted for 53% of the 7,490 incidents reviewed. Malicious or criminal insiders made up 27%, whilst outsmarted insiders, mainly linked to credential theft, accounted for 20%.

Negligence was also the largest cost category. Losses tied to negligent or mistaken insiders reached $10.3m a year, up 17% from the previous year. 

The average negligent insider incident cost $747,107.

The report said shadow AI is adding to the problem. Employees are using unapproved AI tools in daily work, including in financial services, often without clear oversight from security teams.

DTEX said staff have entered internal documents, legal material, source code, architecture diagrams and business strategy into tools such as ChatGPT, Claude, Gemini, Perplexity and Grok AI.

The risk is not mainly from employees trying to cause damage, according to the report. 

The common pattern is workers using AI and other tools to move faster, whilst companies lack visibility into what data is being shared and where it goes.

AI governance remains limited. The report found that 92% of organisations said generative AI has changed how employees access and share information, but only 13% have formally adopted AI into their business strategies. 

Seventy-three percent said unauthorised AI use is creating hidden data-loss paths, whilst only 18% have fully integrated AI governance into insider risk programmes.

Containment remains a major cost driver. Organisations took an average of 67 days to contain an insider incident in 2025. 

Incidents contained in less than 30 days cost an average of $14.2m a year, compared with $21.9m when containment took more than 90 days.

The report found that companies are spending more to manage insider risk. Insider risk management accounted for 19% of IT security budgets in 2025, up from 8.2% in 2023.

Sixty-four percent of organisations increased their insider-risk budgets in 2025, and 70% expect budgets to rise again in 2026.

For financial services firms, the findings point to higher exposure from employee behaviour, credential theft, unapproved AI use and sensitive data handling. 

The data types most often involved in insider incidents across all sectors were non-sensitive data at 51%, personally identifiable information at 48%, intellectual property at 46%, payment card data at 38%, authentication credentials at 33% and corporate financial data at 21%.

The report said tools that produced the largest cost savings were privileged access management, at $6.1m, and user behaviour analytics, at $5.1m. 

Organisations with insider risk management programmes avoided an average of seven incidents a year and saved about $8.2m in breach costs.
 
