Study: 90% of Data Breaches Due to Human Error
A study published by tech researchers purports that as much as 90% of the data breaches recorded in the UK over 2019 were the result of human error.
The analysis comes courtesy of CybSafe, who analysed data made available from the UK’s Information Commissioner’s Office (ICO), the regulatory body that organisations are required to report a data breach so that it can be studied, and the offenders possibly prosecuted. Under GDPR legislation, organisations have a legal obligation to report these breaches to the relevant bodies, otherwise risking a fine.
Of the 2,376 cyber breaches that the firm took into account from the ICO, nine out of every ten breaches were in some way caused by human error; a 61% increase over 2018’s rates, and an 87% increase from 2017 numbers.
CybSafe cited a rise in the number of phishing attacks, whereby a potential cybercriminal lures a member of an organisation to open an email’s link or attachment that is laced with dangerous software. Unauthorized access was said to be the second most common cause of cyber breaches for organisations, with CybSafe also citing ransomware attacks, malware, hardware and software attacks had also contributed in a rise of cyber attacks on organisations.
CEO of CybSafe, Oz Alashe, said “as this analysis shows, it’s always almost human error that enables attackers to access encrypted channels and sensitive information. Staff can make a variety of mistakes that put their company’s data or systems at risk, often because they lack the knowledge or motivation to act securely, or simply because they accidentally slip up.”
“Employees, of course, pose a certain level of cyber-risk to their employers, as seen in our findings thus far,” Alashe added. “Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber-risk can almost always be significantly reduced by encouraging changes in staff cyber-awareness, behavior and culture,” Alashe concluded.
It would seem, judging by the analysis put forward by CybSafe that employers have an obligation to get their staff well-versed when it comes to cyber-security, as one potentially innocuous move could result in disaster for the entire organisation. For your free ISO 27001 Information Security Management System, click here