60% of Data Breaches Down To Human Error: Report
A recently published report is stating that nearly two-thirds of cyberattacks that were launched in the UK against an organisation originated from some form of human error on the part of that organisation’s employees.
The news is especially timely, considering the vast amount of employees that are now expected to work on a remote basis due to the threat of the coronavirus.
The report comes courtesy of Gallagher who synthesised responses from 1,000 organisations in the UK on their exposure to cyber-risks and their tech-literacy. The responses illustrated that as many as 3.5-million companies in the UK could have been the victim of a cyberattack that originally stemmed from human error inside their own organisation.
The poll also took into consideration the impact of downtime for the network, as IT specialists attempted to clean up and secure the system after a hack. The report shows that 30% of the businesses had their system compromised for anywhere between four and five days, while the same number had their network rendered unusable for three days.
In the case of 14% of the data breaches, extremely sensitive information, such as customer data was accessed by cybercriminals, which in turn puts that organisation at risk of further penalties under GDPR legislation, which can in theory issue a fine valued at around 4% of its annual turnover.
The report wasn’t all bad news, however. It stated that leaders of these businesses are beginning to realise the potential for damage from insider threats - both witting and unwitting - with 71% of leaders stating that they’re worried about the potential detriment of human error leaving the door open to a cyberattack, with 64% responding that they regularly remind their staff about the risk.
On top of this, it’s reported that 42% have made investments into their cybersecurity protocols in the form of an ‘off the shelf’ set of tools of cybersecurity policy, while 39% have made the heftier investment into customized tools to optimise their online protection. 39% of those business leaders said that they had made recent efforts to gather external advice on how the organisation could increase its cybersecurity standing.
Tom Draper, head of cybersecurity at Gallagher says that this is the key to navigating an increasingly treacherous threat landscape, considering that cybercriminals are constantly evolving their tactics and have sophisticated ‘human engineering’ means of tricking members of an organisation into unwittingly handing over the keys to the castle.
“By businesses taking a comprehensive, multi-layered approach to cybersecurity - including ensuring they have the appropriate insurance in place - establishing effective training programs for employees, and implementing technologies that secure the most sensitive data, they can save both money and resources in the long run, while also helping to mitigate the potential threat of an attack,” Draper concluded.
Earlier this year we reported on a report from the Ponemon Institute that the cost of insider threats had jumped 31% in just a twelve-month period, illustrating that this is a trend that shows no signs of slowing down.