Humans are the weak link

35% of data breaches were caused by human error last year.

  • Wednesday, 28th February 2024 Posted 9 months ago in by Phil Alsop

New survey data from Tech.co’s Impact of Technology on the Workplace report has found that human error caused 35% of data breaches last year, revealing that humans are the weak link when it comes to business security.

The survey of 1047 US business leaders found that 23% of data breaches were caused by phishing attacks and 12% were down to employee error, such as sending an email to the wrong person.

While the data breach landscape continues to diversify, Tech.co’s research shows that one of the biggest threats to business security lies internally - specifically, the errors made by employees. “Human error” - such as sending a document to the wrong address - is still at the centre of a significant number of cyberattacks experienced by businesses.

Phishing attacks, which mostly rely on employee interaction with a link or fake landing page, proved to be the top reason for data breaches experienced by surveyed business leaders in 2023.

One business leader spoke to Tech.co about their company falling victim to a phishing email attack, revealing that the email was “sent on a Friday evening, exploiting the reduced vigilance typical of week’s end”. This allowed the threat actor a 36-hour window before detection. The individual shared that a “special response team” of legal, IT, and communication stakeholders was required to devise a rescue plan and address impacted clients via email.

Top Reasons for Data Breaches in 2023, According to Tech.co’s Research:

1. Phishing attack (23%)

2. Computer virus (malware, ransomware) (22%)

3. Employee error (12%)

4. Advanced persistent threat (APTs) (9%)

5. Unsecure Wi-Fi (8%)

6. Unencrypted data intercepted (7%)

7. Third-party vendor error (7%)

8. Denial of service (DoS) Attack(s) (6%)

Tech.co’s Lead Writer, Aaron Drapkin, comments:

“While businesses should be taking every available opportunity to bolster their defenses against cyberattacks, recognizing the threat posed internally by human error and complacency - and taking steps to mitigate it - is an equally vital component of any comprehensive cybersecurity strategy.

A company can install the most high-tech security software you can find, but if its employees don’t know how to spot the telltale signs of a phishing email - and don’t understand the ramifications of sending data to the wrong person, even in error - they’ll continue to put their customers, clients, and themselves at risk.

This is why it’s so important to ensure that all your employees are put through rigorous cybersecurity training, understand company policies that govern how data should be handled and stored, and know the steps they need to take in the event of a breach. With the threat landscape continuing to evolve at a rapid pace - and breach recovery costs so high - it’s one of the most worthwhile investments you can make.”

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 4 days ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 5 days ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 5 days ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.