Shadow AI-Linked Data Breaches Increase Costs and Insider Incident Losses

By Daniel Lopez

Unauthorized use of artificial intelligence tools by employees and lack of governance controls have contributed to rising breach costs and insider incident losses, according to multiple industry reports.

Insider Breach Costs Rise With Shadow AI Use

Large enterprises reported higher total annual losses from insider incidents: organizations with 500 or more employees reported an average annual cost of $19.5 million, roughly 20 percent higher than 2023 figures. In the healthcare and pharmaceutical sectors, average losses per company were reported at $28.8 million.

The Cost of Insider Risks 2026 Report, sourced from research by the Ponemon Institute and conducted on behalf of DTEX, categorized insider incidents as malicious, non-malicious and “outsmarted” incidents, with negligent, non-malicious actions representing the highest cost component. Shadow AI-related incidents have contributed materially to the increase in non-malicious losses. These include employees uploading internal documents to unsanctioned AI platforms, using AI notetaking applications that produce external summaries of sensitive information, and deploying AI-enabled browsers and agents that circumvent traditional security controls.

Surveyed IT professionals expressed concern that shadow AI usage creates invisible vectors for data exfiltration, and fewer than one in five respondents reported full integration of AI governance in existing insider risk programs. The research further indicated that defensive AI adoption is increasing, but governance gaps persist.

Shadow AI Impacts on Data Breach Costs and Exposure

In the 2025 Cost of Data Breach report, sponsored and analyzed by IBM, approximately one in five organizations reported a breach linked to shadow AI. Those organizations' breach costs were on average $670,000 higher than those of organizations with little or no shadow AI exposure.

The report identified deficiencies in AI governance as a pervasive factor. Nearly two-thirds of organizations that experienced a breach lacked an AI governance policy, and fewer than half of those that had policies deployed formal approval processes for AI implementations. Weak access controls on AI tools were widespread among affected organizations, with most lacking basic protections.

Breaches tied to shadow AI also demonstrated a disproportionate impact on data types. Incidents involving unauthorized AI tool usage more frequently exposed personally identifiable information and intellectual property compared with the global average for breaches. Attackers frequently moved laterally into other data stores after compromising AI platforms.

Governance and Security Control Gaps

Both reports highlight a significant oversight gap in enterprise security programs regarding AI. The prevalence of shadow AI reflects a broader failure to monitor and govern the adoption of AI tools enterprise-wide. Organizations with limited or no oversight processes for unsanctioned AI tools are more likely to incur higher costs and prolonged recovery efforts following a breach.

In the context of insider risk, the convergence of AI agent activity with human insider threats complicates traditional detection and response mechanisms. Without explicit inclusion of AI agent behavior within risk management frameworks, organizations may lack visibility into data exfiltration and misuse facilitated by AI tools.

Operational and Cost Implications

Rising insider breach costs and elevated breach expenses linked to shadow AI emphasize the operational impact of unmanaged AI usage. The reported average annual cost figures for insider incidents and the additional financial burden tied to shadow AI-associated breaches reveal significant financial exposure for organizations across sectors, including HIPAA-covered healthcare providers.


Posted by

Daniel Lopez

Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years' experience as a HIPAA coach. Daniel provides his HIPAA expertise to several publications, including Healthcare IT Journal and The HIPAA Guide. Daniel studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X: https://twitter.com/DanielLHIPAA