Human error remains number one cause of data breaches
Published On: September 7, 2018
Data breaches are seven times more likely to be the result of human error than of a hacker gaining illicit access to a company's network, newly released figures have suggested.
Statistics from the Information Commissioner's Office (ICO) revealed that the number of data breaches reported to the regulator increased by 75 per cent over the last two years, with the cause of the majority of these being traced back to someone within the business.
The data, which was obtained via a Freedom of Information request by data protection firm Kroll, showed that in the past year, the ICO recorded 2,124 reports that were attributed to human error, compared with just 292 that were considered to be deliberate cyber attacks.
The most common cause of a breach was information being emailed to the wrong recipient, which accounted for 447 incidents. Loss or theft of paperwork (438 incidents), data left in an insecure location (164) and the loss or theft of unencrypted devices (133) were also common issues.
Meanwhile, the ICO received 102 reports of unauthorised access to a network, as well as 53 cases of malware, 51 phishing attacks and 33 uses of ransomware.
Andrew Beckett, managing director and EMEA leader for Kroll’s Cyber Risk Practice, commented: "Effective cyber security is not just about technology. Often, companies buy the latest software to protect themselves from hackers, but fail to instigate the data management processes and education of employees required to mitigate the risks."
He added that the majority of data breaches, including many cyber attacks, could be prevented simply with better human vigilance or the implementation of relatively basic security procedures.
The data also revealed that the healthcare sector was responsible for the highest number of data breaches reported in the last year, with 1,214 incidents reported. Kroll noted that this may be partly down to the fact there were mandatory reporting requirements for this sector in place prior to the introduction of GDPR.
With every business now facing much stricter reporting requirements, the firm stated it expects to see a much wider spread of business sectors reporting incidents in the coming months and years.