
Insider threats set to rise in SA, warns Mimecast

By Christopher Tredger, Technology Portals editor, ITWeb
Johannesburg, 20 Jan 2026
Heino Gevers, senior director of technical support at Mimecast.

Eight out of 10 cyber leaders in SA expect loss from insider threats to increase over the next 12 months, according to cyber security firm Mimecast. The company warns that many IT security teams are under-prepared and under-resourced to address these internal .

Mimecast defines insider threats as risks originating from within an organisation, where employees, partners, suppliers or other trusted entities can access internal networks and may accidentally leak or deliberately steal sensitive information.

Employees leaving a company – whether voluntarily or involuntarily – represent one of the most common threats. They may take materials they believe are theirs or sensitive information to secure a new role, and in some cases, may act out of revenge. Insider threats account for roughly 22% of all data breaches.

Heino Gevers, senior director of technical support at Mimecast South Africa, said insider threats extend beyond departing staff. “Disgruntled staff, feeling overlooked or underpaid, may exfiltrate intellectual property, client lists or strategy documents for revenge or leverage – even if they are not actively leaving the company. Organised criminal networks are also exploiting employees to share sensitive data or deploy malware.”

Even well-intentioned employees can create risk, added Gevers. “Well‑meaning employees who mishandle data via personal e-mail, personal cloud storage, collaboration tools or GenAI tools could also create exposure without malicious intent. Admins and developers with elevated access – for example, to source code, CRM or cloud storage – pose an outsized risk if they are careless, compromised or malicious. Suppliers, consultants and other third parties with network or system access can leak or steal sensitive information or be compromised themselves.”

The company’s warnings align with findings from the 2024 Annual Data Exposure Report from Code42, now part of Mimecast, which shows 85% of global cyber security leaders expect insider-driven data loss to rise over the next year. South African respondents reported similar trends.

“Human risk management is emerging as a critical frontier in cyber security,” Gevers said. “It requires understanding not just what technologies employees use, but how and why they use them. Organisational culture can either support or undermine secure behaviour. As hybrid work, personal device usage and cloud collaboration grow, the human element is becoming central to an effective security strategy.”

IT teams under-prepared

Mimecast warns that South African IT teams remain under-prepared. Budgets, tools and KPIs have historically focused on external threats like malware, phishing and perimeter breaches, rather than daily data movement by insiders. Traditional data loss prevention tools often fail to monitor modern workflows, leaving teams without visibility over sensitive data.

“Many organisations have not yet adopted a human risk management mindset,” Gevers said. “Insider risk management demands behavioural analytics, collaboration with HR and legal teams, and security awareness programmes that treat employees as partners, not threats. In South Africa, where security teams face resource constraints, this shift from technology-centric to people-centric security represents a significant capability gap.”

Mimecast recommends a three-step approach for organisations:

  • Form a cross-functional insider-risk committee including HR, IT and security, legal and line-of-business leaders with shared objectives, such as protecting intellectual property, meeting POPIA obligations and maintaining customer trust.
  • Standardise insider risk workflows by defining responsibilities across the employee life cycle, from HR triggers and system access checks to legal validations.
  • Build a security-aware culture through clear policies and communication. Explaining why monitoring exists and how it protects both employees and the organisation improves compliance and buy-in.

“Effective human risk management recognises that employees want to do the right thing when they understand why it matters and how to do it,” Gevers concluded.
