Hacking and hardware failure might play a large role in data loss for organisations in the UK, but human error is still the leading cause, a new survey finds.
The information is part of a Databarracks Data Health Check report, which surveyed more than 400 IT decision makers.
According to the accompanying press release, 24 per cent of organisations admitted to a data loss caused by employee accidents in the last 12 months. Other high-scoring causes of data loss included hardware failure (21 per cent) and data corruption (19 per cent).
Oscar Arean, technical operations manager at Databarracks, elaborated on the results:
“Human error has consistently been the biggest area of concern for organisations when it comes to data loss. People will always be your weakest link, but having said that, there is a lot that businesses could be doing to prevent it, so we’d expect this figure to be lower.
“The results weren’t consistent across all organisations though. When we broke them down by business size, we saw that for the second year in a row, it was actually hardware failure, which contributed the most towards data loss across large organisations at 31 per cent (up from 29 per cent in 2014).
“This isn’t surprising as the majority of large organisations will have more stringent user policies in place to limit the amount of damage individuals can cause. Secondly, due to the complexity of their infrastructure, and the cost of maintaining it, large organisations may find it more difficult to refresh their hardware as often as smaller organisations, so it’s inevitable at some point it will just give out.”
Arean goes on to suggest that SMEs should adopt more of a big business ethos when it comes to managing human error:
“The figures we’re seeing this year for data loss due to human error are too high (16 per cent of small businesses and 31 per cent of medium businesses), especially considering how avoidable it is with proper management. I think a lot of SMEs fall into the trap of thinking their teams aren’t big enough to warrant proper data security and management policies, but we would disagree with that.
“In large organisations, managers can lock down user permissions to limit the access they have to certain data or the actions they’re able to take – this limits the amount of damage they’re able to cause. In smaller organisations, there isn’t always the available resource to do this and often users are accountable for far more within their roles. That is absolutely fine, but there needs to be processes in place to manage the risks that come with that responsibility.
“Of course small organisations don’t need an extensive policy on the same scale that a large enterprise would, but their employees need to be properly educated on best practice for handling data and the consequences of their actions on the business as a whole. There should be clear guidelines for them to follow.”