
More than half of personal data breaches caused by human error 

A new report out of the UK has revealed that 60% of ICO-reported breaches this year are caused by human error, with healthcare the most-affected sector.

Figures released by data security solutions firm Egress, obtained via a Freedom of Information (FOI) request, highlight concerning statistics on human error remaining the main cause of personal data breaches.

The figures show that of the 4856 personal data breaches (PDBs) reported to the Information Commissioner's Office (ICO) between 1st January and 20th June 2019, 60% were the result of human error.

Of those incidents, nearly half (43%) were the result of incorrect disclosure, with 20% posting or faxing data to the incorrect recipient. Nearly a fifth (18%) were attributed to emailing information to incorrect recipients or failing to use Bcc, and 5% were caused by providing data in a response to a phishing attack.

Egress CEO Tony Pepper says these statistics are alarming.

"All too often, organisations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person," he explains. 

"Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat."

Pepper says the statistics further compound findings from the Insider Data Breach survey 2019, research commissioned by Egress and conducted by independent research company Opinion Matters. 

The research, which gathered responses from over 500 IT leaders and 4,000 employees to assess the root causes of internal data breaches, as well as their frequency and impact, showed 95% of IT leaders are concerned about insider threat. The research also showed that 79% of IT leaders believed that employees have put company data at risk accidentally in the last 12 months, whilst 61% believe they have done so maliciously.

Analysing the ICO's personal data breaches in this period by sector reveals that the following industries top the list:
 
1.    18% were reported within Healthcare
2.    16% were reported within Central and Local Government
3.    12% were reported within Education
4.    11% were reported within Justice and Legal
5.    9% were reported within Financial Services
 
In Verizon's 2019 Data Breach Investigations Report, healthcare was the only industry where the insider threat created more data breaches than external attacks (59% of data breaches are associated with internal actors). According to Verizon, mis-delivery was the most common type of human error that led to data breaches, making up 15% of all data breaches affecting healthcare organisations.
 
"The healthcare sector persistently tops the list when analysing the sectors affected by data breaches," Pepper says. 

"This is very concerning, especially given the nature of the data. Why this particular industry continues to suffer from internal breaches is worrying and the sector must quickly take action to identify how it can work towards mitigating the insider threat," he explains.

"What is equally worrying is that the statistics obtained from our FOI request leave us in a Groundhog Day scenario," says Pepper. 

"When the ICO released its Q1 statistics last year it showed that between April and June 2018 3416 data security incidents were reported, most of which were again down to human error, failed processes and inadequate policies," he says. 

"The data revealed that of those 3146 security incidents incorrect disclosure of data accounted for 65%, as opposed to external cyber threats caused by malware, ransomware, brute force attacks and phishing, which accounted for around 13%."
