Human error top cause of self-reported data breaches


New research from the security firm Kroll has revealed that self-reported data breaches are seven times more likely to be caused by human error than by hackers.

The firm filed a Freedom of Information request to obtain data on incidents that organisations self-reported to the Information Commissioner's Office (ICO), and learned that 2,124 incidents reported in 2017-2018 could be traced back to employee mistakes or incompetence.

According to the data provided by the ICO, there were 3,156 self-reported data breaches last year, up 28 per cent from the previous year and up 19.3 per cent from 2015-2016.

The higher number of self-reported data breaches is likely a result of employees having a better understanding of what constitutes a breach combined with the fact that under GDPR, organisations are required to report serious data breaches.

The healthcare sector accounted for the largest number of reports, since breach reporting was mandatory before GDPR went into effect. There were 1,214 reports made by those in healthcare last year, followed by general business with 362 reports, education and childcare with 354 reports, and local government with 328 reports.

According to Kroll, the most common mistakes were sending data to the wrong recipient by email (477 reports) or by post (441 reports). Surprisingly, loss or theft of paperwork was responsible for 438 incidents.

The human element in cybersecurity should never be overlooked, and organisations can better protect themselves from employees leaking data through increased training and education.
