More than half of personal data breaches caused by human error 

A new report out of the UK has revealed that 60% of ICO-reported breaches this year are caused by human error, with healthcare the most-affected sector.

Figures released by data security solutions firm Egress, obtained via a Freedom of Information (FOI) request, highlight concerning statistics on human error remaining the main cause of personal data breaches.

The figures show that of the 4856 PDBs reported to the Information Commissioner's Office (ICO) between 1 January and 20 June 2019, 60% were the result of human error.

Of those incidents, nearly half (43%) were the result of incorrect disclosure, with 20% posting or faxing data to the incorrect recipient. Nearly a fifth (18%) were attributed to emailing information to incorrect recipients or failing to use Bcc, and 5% were caused by providing data in a response to a phishing attack.

Tony Pepper, CEO of Egress, says these statistics are alarming.

"All too often, organisations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person," he explains. 

"Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat."

Pepper says the statistics further compound findings from the Insider Data Breach survey 2019, research commissioned by Egress and conducted by independent research company Opinion Matters. 

The research, which gathered responses from over 500 IT leaders and 4,000 employees to assess the root causes of internal data breaches, as well as their frequency and impact, showed 95% of IT leaders are concerned about insider threat. The research also showed that 79% of IT leaders believed that employees have put company data at risk accidentally in the last 12 months, whilst 61% believe they have done so maliciously.

Analysing the ICO's personal data breaches in this period, by sector, reveals the following industries top the list:

1. 18% were reported within Healthcare
2. 16% were reported within Central and Local Government
3. 12% were reported within Education
4. 11% were reported within Justice and Legal
5. 9% were reported within Financial Services

In Verizon's 2019 Data Breach Investigations Report, healthcare was the only industry where the insider threat created more data breaches than external attacks (59% of data breaches are associated with internal actors). According to Verizon, mis-delivery was the most common type of human error that led to data breaches, making up 15% of all data breaches affecting healthcare organisations.
 
"The healthcare sector persistently tops the list when analysing the sectors affected by data breaches," Pepper says. 

"This is very concerning, especially given the nature of the data. Why this particular industry continues to suffer from internal breaches is worrying and the sector must quickly take action to identify how it can work towards mitigating the insider threat," he explains.

"What is equally worrying is that the statistics obtained from our FOI request leave us in a Groundhog Day scenario," says Pepper. 

"When the ICO released its Q1 statistics last year, it showed that between April and June 2018, 3416 data security incidents were reported, most of which were again down to human error, failed processes and inadequate policies," he says.

"The data revealed that of those 3146 security incidents, incorrect disclosure of data accounted for 65%, as opposed to external cyber threats caused by malware, ransomware, brute force attacks and phishing, which accounted for around 13%."
