Recent research findings from Exabeam reveal that insider threats have overtaken external attacks as the top concern.

According to the research, the Asia Pacific and Japan (APJ) region is especially vulnerable, with 69% of respondents expecting insider threats to grow in the next 12 months. 53% of APJ respondents view insiders, whether malicious or compromised, as a greater risk than external actors.

As insider threats accelerate, how can APJ security leaders bridge the gap and effectively defend against sophisticated, AI-powered insider threats? We find out from Steve Wilson, Chief AI and Product Officer, Exabeam.

Exabeam’s recent research finds that insider threats have overtaken external attacks as the top concern among APJ organizations. What are the likely reasons for this growing concern?

Wilson: Over the past year, three in five (60%) APJ organizations have seen a measurable rise in insider incidents, according to Exabeam’s recent research. About half of the respondents (53%) now view insiders, whether malicious or compromised, as a greater risk than external actors.

AI is accelerating this shift. Particularly, Generative AI (GenAI) is a major driver of insider threats, as it makes attacks faster, stealthier, and more difficult to detect. The increase in insider threats is also driven by a combination of human and operational factors, including third-party dependencies and the use of unapproved AI tools, which create new opportunities for misuse.

APJ stands out globally in insider risk awareness, with 69% of organizations expecting insider threats to grow over the next 12 months, reflecting heightened awareness of identity-driven attacks.

How has AI changed the game for insider threats?

Wilson: AI has fundamentally changed the way insider threats operate. Today, insiders aren’t just people anymore. They are AI agents logging in with valid credentials, spoofing trusted voices, and making moves at machine speed. The question isn’t just who has access — it’s whether you can spot when that access is being abused.

In APJ, three in four (75%) respondents report that AI is making insider attacks more effective. The most concerning threat vectors include AI-enhanced phishing and social engineering, privilege misuse or unauthorized access, and data exfiltration. GenAI adds another dimension, as unapproved use by employees can create a dual-risk scenario where the same tools intended to boost productivity can be repurposed for malicious activity.

The convergence of insider access and AI capabilities is producing threats that evade traditional controls, highlighting their limitations and reinforcing the need for more advanced detection approaches.

Why are most insider threat programs missing the mark on threat detection today? Where is the gap?

Wilson: Most insider threat programs in APJ are still playing catch-up to a hybrid threat landscape that has already outpaced them.

An earlier research from Exabeam points to a critical gap: organizations remain reliant on reactive tools —  such as endpoint detection and response (EDR) and data loss prevention (DLP) — that provide visibility but fail to deliver the contextual behavioral intelligence needed for early detection of emerging threats. Less than half of APJ organizations (37%) use user and entity behavior analytics (UEBA), the foundational capability required to baseline normal activity and identify the subtle anomalies that signal an insider attack.

On the other hand, governance and operational readiness of AI tools are still lagging, even though 94% of APJ organizations are using some form of AI in their insider threat toolkit. More than half of executives (55%) globally believe AI tools are fully deployed, but managers and analysts say many are still in pilot or evaluation stages.

Compounding the challenge, security teams face persistent barriers: privacy resistance, fragmented tools, and difficulty interpreting user intent remain major blind spots in the face of complex insider threats.

What are some actionable steps that APJ security leaders can take to bridge the gap to better defend against insider threats?

Wilson: Security leaders in APJ need to move beyond surface-level defenses to bridge the insider threat gap. Therefore, behavioral analytics must become the foundation.

By adopting capabilities like UEBA, organizations can establish dynamic baselines of normal activity for every user and activity across various network entities. This tool empowers teams to detect unusual access patterns or data transfers by authorized users, shifting insider threat detection from reactive to proactive defense.

In an era of AI-driven threats, chasing individual alerts at scale is simply unsustainable. Security teams need a holistic view, integrating data from across their stack and deploying AI to correlate, classify, and elevate only the most critical signals. This context improves accuracy, freeing analysts from repetitive, manual tasks so they can focus on high-value investigations

Finally, strategy must meet operational reality; closing the perception gap between leadership and front-line analysts is critical. Involving analysts early in tool deployment and prioritizing measurable outcomes ensures technology investments deliver as intended. This alignment builds resilience, trust, and a security operation designed to outpace modern insider threats.