News & Views
9 in 10 breaches due to human error
CybSafe analysis of data from the UK Information Commissioner’s Office (ICO) has found that human error was the cause of 90% of the cyber data breaches reported to the ICO last year.
“These statistics are alarming,” says Tony Pepper, CEO of Egress (www.egress.com). “All too often, organizations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person.”
“Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organizations must invest in technology that works alongside the user in mitigating the insider threat.”
The statistics Egress obtained from the ICO through a recent Freedom of Information request revealed that 60% of the 4,856 personal data breaches recorded between January and June 2019 were the result of human error. Of those incidents, nearly half (43%) were the result of incorrect disclosure, with 20% involving data posted or faxed to the incorrect recipient. Nearly a fifth (18%) were attributed to emailing information to incorrect recipients or failing to use Bcc, and 5% were caused by providing data in response to a phishing attack.
“GDPR demands compliance from businesses of all sizes and they need to take all necessary steps towards protecting data,” continues Pepper.
“It is quite apparent that older security technologies from previous decades are vastly inadequate in protecting against this new generation of ‘human’ breaches. This is one of the reasons why we have developed our Human Layer Security approach in response to the fact that yesterday’s security technologies will not prevent the threats of tomorrow and that it is important to put humans at the centre of your security strategy.”