File security risks rise as insiders, malware, and AI challenges converge
Breaches tied to file access are happening often, and the costs add up quickly. Many organizations have faced multiple file-related incidents over the last two years, with financial losses stretching into the millions. The fallout often includes stolen customer data, reduced productivity, and exposure of intellectual property.
A new study from Ponemon Institute shows that data leakage from insiders is a huge threat. Both negligence and malicious intent drive this risk, leaving organizations exposed when access controls are weak or file activity is not visible. Other top concerns include malicious files from vendors and poor oversight of file sharing.
Weak confidence in file transfers and uploads
Files are seen as most vulnerable when they are shared, uploaded, or transferred. Fewer than half of organizations expressed strong confidence that files remain secure during uploads, email sharing, or transfers with third parties. Even downloading files from unknown sources received higher confidence scores than uploads and transfers, underscoring how difficult it is to control these processes.
Storage also remains a major risk point. Traditional repositories such as on-premises systems, NAS, and SharePoint ranked highest as potential sources of exposure. Public portals, web forms, and file downloads from SaaS applications were also named as common weak spots.
Malware continues to evolve
Macro-based malware and zero-day or unknown malware top the list of file threats. Organizations say they are most concerned about these types of malicious content, both of which are difficult to detect with traditional tools. Ransomware also remains a concern, along with exploits targeting file parsing vulnerabilities and obfuscated scripts.
The findings suggest that many companies lack the ability to detect and respond to file-based threats. Only about 40 percent said they can respond within a day or a week, while others report longer delays or an inability to measure.
Expanding use of defensive tools
Organizations are adopting a range of approaches to strengthen file security. Many are using or plan to use content disarm and reconstruction, multiscanning, sandboxing, file vulnerability assessments, and threat intelligence. Each technology is being deployed for specific reasons, such as detecting malicious hyperlinks, removing active content, or supporting compliance.
Data Loss Prevention is also gaining ground, especially to control file sharing and prevent leaks. The use of country-of-origin checks and software bills of materials reflects concern about the supply chain, as companies seek to better understand the provenance of files and code.
AI enters the strategy mix
AI is emerging as a central part of file security strategies. One third of organizations already use AI for this purpose, and another third plan to do so in the next year. Respondents see the greatest benefit in reducing risks and costs, with some also citing improvements in efficiency.
Generative AI remains controversial. Only a quarter of organizations have a formal policy, while nearly as many ban its use outright. Others are experimenting through pilots or limited production deployments. Where GenAI is being used, it often plays a role in unlocking files or analyzing complex file interactions.
Securing sensitive files in AI workloads has also become a priority. Organizations report using prompt security tools, masking sensitive data, checking for malware, and applying AI guardrails. These steps are meant to address concerns about prompt injection, data leakage, and misuse of sensitive information.
Compliance pressures
Regulatory obligations continue to weigh on organizations. Laws and standards such as SOX, PCI DSS, HIPAA, and GDPR were cited as the most influential. Yet, only about half of respondents said their organizations are effective in meeting compliance requirements tied to file security.