Why insider risk spending has doubled: The strategic shift security teams can't ignore

Anna Borgström

CEO | NetClean

EDR solutions and SIEM platforms remain important, but forward-thinking security leaders are turning their attention inward. The reality is clear: many of today's breaches start from within.

"Too many still focus on keeping threats out, but the real danger is already inside," says Anna Borgström, CEO of NetClean.

The shift: From keeping threats out to managing threats within

Since 2023, global spending on insider risk technologies has more than doubled, rising from 8.2% to 16.5% of cybersecurity budgets, according to the 2025 Ponemon Institute report.

This isn't a reaction to any single event. It’s a strategic realization that insider risk is the final major blind spot in modern cybersecurity frameworks.

Leading security professionals agree: the most dangerous threats don't break in – they log in. This goes far beyond employees clicking malicious links or falling for phishing attacks. Threat actors exploit people with legitimate access, often made vulnerable by stress, coercion, or personal pressure. For a deeper understanding of how these vulnerabilities are exploited, read our interview with cybersecurity expert Bob Lewis, who shares insights from his 40 years of frontline experience.

Security analysts are calling 2025 a tipping point for insider risk. Several forces are converging:

  • Detection technologies have reached new levels of accuracy and scalability
  • Security teams are actively monitoring human risk signals
  • Regulations are tightening across industries and jurisdictions
  • Boards are asking tougher questions about internal vulnerabilities
  • Threat actors are shifting focus from infrastructure to individuals

This convergence is already reshaping security priorities and boardroom conversations. Organizations that wait for clearer signals will find themselves playing catch-up rather than leading.

Early adopters already see advantages

A clear divide is emerging between organizations that treat insider risk as a strategic priority and those postponing action. Early adopters aren’t just deploying technology – they’re building institutional knowledge and setting new standards.

Organizations with proactive insider risk programs report:

  • Faster identification of emerging threats before they escalate
  • Reduced overall impact from incidents through early intervention
  • Increased confidence from investors, clients, and regulators
  • Smoother alignment with evolving compliance frameworks
  • Greater resilience against sophisticated, people-targeted attacks

Organizations that take insider risk seriously position themselves as mature, trustworthy, and forward-looking.

Being proactive with insider risk builds trust

When you address insider risk proactively, you signal to regulators, partners, and customers that they are safe with you in an evolving risk landscape. As Anna puts it:

"Every year widens the gap between organizations acting with foresight and those treating insider risk as tomorrow's problem. Forward-thinking security leaders understand that effective insider risk management directly impacts strategic positioning."

As compliance demands evolve, the organizations incorporating insider risk into their frameworks today will be best positioned to meet tomorrow’s expectations, without costly remediation or reputational harm.

Discover how security leaders are addressing this critical vulnerability in our comprehensive guide: "The Big Gap in Cybersecurity – What security teams miss about insider risk".
