The Hidden Costs of File Security in the AI Era

Files are the lifeblood of modern business. They carry contracts, medical records, design blueprints, and sensitive financial data. But new research shows they are also a weak point in enterprise security—particularly as insider activity and artificial intelligence add new layers of risk.

The State of File Security Report 2025, conducted by the Ponemon Institute, highlights troubling trends. In the past two years, 61 percent of organizations reported file-related incidents caused by negligent or malicious insiders, at an average cost of $2.7 million per breach. At the same time, confidence in securing files is lowest at the very moments they are most vulnerable—when uploading, transferring, or sharing with third parties.

Insider Activity on the Rise

The report identifies insiders as the leading cause of file-related incidents. This includes both negligence, such as employees mishandling sensitive data, and malicious intent, such as exfiltrating files. Experts point to several drivers: increasingly complex IT environments, the rapid adoption of generative AI tools, and inconsistent or fragmented security controls.

George Prichici, VP of products at Opswat, notes that “the rise in insider-driven security incidents can be attributed to a combination of factors, including more complex IT environments, the quick proliferation and adoption of new GenAI tools since ChatGPT’s release in the fall of 2022, and inconsistent or fragmented security controls. Negligence by users is most likely the leading cause.”

Organizations can watch for warning signs such as unusual access patterns, large outbound file transfers, or attempts to hide sensitive content in documents. Applying the principle of least privilege—restricting users to the minimum permissions needed—remains a basic but powerful safeguard.

The Weakest Links

File security confidence falls sharply during uploads, transfers, and external sharing. These choke points are also where attackers are most likely to strike. Best practices include encrypting files end to end, requiring multi-factor authentication, scanning for malware before uploads and downloads, and applying expiration dates to shared links. But gaps remain, particularly in comprehensive monitoring and consistent enforcement.

Old Threats, New Challenges

Macro-based malware and zero-day threats are still top concerns. Security leaders recommend a layered defense: prevention tools like Content Disarm and Reconstruction and multiscanning to strip or detect hidden code, combined with real-time detection and response to catch what slips through. The goal is to shorten dwell time without adding unnecessary friction for employees.

Prichici stresses that “a balanced approach is crucial to address these advanced threats while avoiding security fatigue and impeding user productivity.” His point reflects the tension many CISOs face: how to protect against fast-moving threats without slowing the business down.

Closing the Detection Gap

One of the most sobering findings is that fewer than half of organizations can detect and respond to file threats within a day—or even within a week. In an era of automated attacks, that window is dangerously long. Practical steps can help shrink the gap, such as integrating scanning into email and storage systems, deploying CDR at upload points, and automatically quarantining suspicious files.
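The upload-point check and automatic quarantine described above can be sketched as follows. This is an added example, not code from the report or from any vendor named in the article; the function names, verdict format and sample files are constructed for illustration, and it only detects macro-bearing Office files rather than performing CDR.

```python
import io
import zipfile

# OOXML part names that carry active content (matched case-insensitively).
VBA_PARTS = ("vbaproject.bin", "vbadata.xml")
ACTIVEX_DIR = "/activex/"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container


def inspect_upload(data: bytes) -> dict:
    """Verdict for one uploaded file: 'allow' or 'quarantine', with reasons."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats may hold macros; this gate does not parse them,
        # so it holds the file for a deeper scan instead of guessing.
        reasons.append("legacy OLE2 container, needs deeper scan")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            names = []
            reasons.append("unreadable ZIP container")
        for name in names:
            lower = "/" + name.lower()
            if lower.endswith(VBA_PARTS):
                reasons.append(f"VBA macro part: {name}")
            elif ACTIVEX_DIR in lower:
                reasons.append(f"ActiveX part: {name}")
    return {"action": "quarantine" if reasons else "allow", "reasons": reasons}


def make_sample(parts: dict) -> bytes:
    """Build a constructed OOXML-style ZIP in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


BASE = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"}
CLEAN_DOCX = make_sample(BASE)
MACRO_DOCM = make_sample({**BASE, "word/vbaProject.bin": b"constructed placeholder"})

if __name__ == "__main__":
    for label, blob in (("clean.docx", CLEAN_DOCX), ("macro.docm", MACRO_DOCM)):
        print(label, inspect_upload(blob))
```

The check keys on container contents rather than the file extension, so a macro-enabled document renamed to .docx is still held.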

Platforms Over Point Tools

The study shows a clear shift away from standalone tools toward unified, multi-layered platforms. Centralized visibility and consistent policy enforcement are increasingly seen as essential for inspecting files in motion and at rest, across email, cloud services, and storage. The objective is to ensure every file, regardless of its source, undergoes the same scrutiny before reaching users or workloads.

AI: Friend and Foe

Artificial intelligence is reshaping the threat landscape. It enables defenders to detect anomalies faster and cut costs, but it also gives attackers new weapons. Malicious prompts hidden in macros or images, for example, can manipulate AI-driven systems into exfiltrating sensitive data.

To counter this, experts advise strict oversight of AI workflows, including robust access controls, human checkpoints, full activity logging, and data privacy safeguards. Without clear policies, organizations risk exposing sensitive information to both insiders and adversaries.

Compliance, ROI, and Policy

Technologies like data loss prevention, sandboxing, and software bills of materials (SBOM) are delivering measurable benefits in three areas: reducing the cost of incidents, ensuring compliance with regulations such as GDPR and HIPAA, and improving employee productivity. Adaptive sandboxing and pre-configured policies can streamline workflows while meeting security requirements.

Still, many organizations lack even basic policies for handling generative AI in file workflows. A minimal policy should prohibit uploading sensitive data to public AI tools, restrict use to approved platforms, and train employees to classify and redact information where necessary.

A Strategic Imperative

Ultimately, file security is no longer just a technical issue—it is a financial and strategic one. With multimillion-dollar breaches becoming common, the cost of inaction outweighs the cost of prevention. Framing cybersecurity in business terms—continuity, reputation, and financial risk—helps boards and CFOs understand the urgency.

The findings are clear: files remain one of the most overlooked attack surfaces, but also one of the most critical to protect. Resilience requires a layered strategy that combines technology, policy, and culture. Organizations that act now will not only reduce risk but also strengthen trust and competitiveness in an increasingly digital world.

Tony Bradley: I have a passion for technology and gadgets and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 3 dogs, 5 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.