A new study sponsored by OPSWAT, a global leader in critical infrastructure protection, reveals that organizations face escalating risks from insider activity, legacy tools, and the growing complexity of artificial intelligence (AI). Independently conducted by Ponemon Institute, the report found that in the past two years, 61% of organizations have suffered file-related breaches caused by negligent or malicious insiders, at an average cost of $2.7 million per incident.
The research underscores that insiders represent the single biggest risk to file security. Forty-five percent of respondents cited negligent or malicious insiders leaking data as the most serious threat, far surpassing external actors. Alarmingly, only 40 percent of organizations say they can detect and respond to file-based threats within a day (25 percent) or within a week (15 percent).
The report also shed light on the role of AI in file protection, highlighting that adversaries are now exploiting generative AI models, e.g. embedding prompts in macros or exposing hidden data through AI parsers. To combat these threats, many enterprises are themselves turning to AI for faster detection and cost savings. Currently, 33 percent of organizations have integrated AI into their file security strategies, and an additional 29 percent plan to do so by 2026. To safeguard sensitive corporate files in AI-driven workflows, organizations primarily deploy prompt security tools (41 percent) and masking techniques to protect confidential data (38 percent). Despite these efforts, governance remains inconsistent, with only 25 percent of organizations having a formal Generative AI (GenAI) policy in place, while 29 percent have banned GenAI altogether.
Such gaps leave organizations with poor confidence in their ability to protect files at critical points such as uploads, transfers, and third-party sharing. The findings indicate that files are most vulnerable at critical exchange points. Only 39 percent of respondents express confidence that files remain secure when transferring them to and from third parties, while just 42 percent feel confident during file uploads. The environments posing the greatest risk include file storage systems such as on-premises, NAS, and SharePoint (42 percent), followed closely by web file uploads via public portals and web forms (40 percent).
“As threats continue to accelerate and increase in cost, cyber resilience has shifted from being a technical priority to being a strategic, fiscal imperative,” said Dr. Larry Ponemon, Founder of the Ponemon Institute. “Executives must take ownership by investing in technology that reduces risk and cost while enabling organizations to keep pace with an ever-evolving AI landscape.”
The findings further reveal a sharp shift away from legacy point solutions toward unified, multi-layered platforms that incorporate technologies such as multiscanning, Content Disarm & Reconstruction (CDR), and adaptive sandboxing. By 2026, two-thirds of enterprises expect to be using these advanced technologies.
“A multi-layered defense that combines zero-trust file handling with advanced prevention tools is no longer optional but is the standard for organizations looking to build resilient, scalable security in the AI era,” added George Prichici, VP of Products at OPSWAT. “Leveraging a unified platform approach allows file security architectures to adapt to new threats and defend modern workflows and complex file ecosystems inside and outside the perimeter.”
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. The company’s mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
Read the full The State of File Security report here.
To learn more about how OPSWAT enables resilient file security across IT and OT environments, visit OPSWAT MetaDefender™ Platform.
