Human Error Is The Lead Cause Of Data Breaches. What Can You Do?



In 2014, IBM published the Security Services 2014 Cyber Security Intelligence Index report. According to this document, over 95% of the security breaches investigated had human error as a contributing factor. That points to the fact that the classic image of a hacker cracking code from a basement accounts for only a fraction of cyber-attacks; most breaches involve ordinary email use.

In 2018 the UK’s Information Commissioner’s Office (ICO) reported a similar finding: 88% of data breaches in the past two years were caused by human error. The study was conducted in the lead-up to the UK tightening its cybersecurity laws.

A 2019 report by Kaspersky Lab found similar numbers. 90% of corporate data breaches in the cloud happened due to human error, not software flaws.

These numbers mean that if company employees were more careful, at least 18 out of every 20 data breaches would never have happened. All of this may have something to do with the fact that, as of 2018, “123456” was still the most popular password in the world, followed by the word “password” as a close second.

We know what the world’s most popular passwords are due to information collected from — you guessed it — data breaches.

The customer cost of data breaches

A breach of company data is bad, but it can sometimes be kept internal and swept under the rug. A breach of customer data, on the other hand, is a costly and embarrassing mishap that may ruin customer trust in the company forever. Studies have shown that many customers who had their data leaked by a company never trusted that company with their information again. It tends to have a permanent negative impact on the company’s brand.

The good news is: there are simple things you can do to help tighten security around customer data. And it all has to do with keeping a proactive cybersecurity culture within the company. The risk of human error is very hard to eliminate from a system, but you can reduce its incidence, and greatly reduce the cost of individual errors.

1 – Educate your employees

Education alone is not enough. Most people find it very annoying to be lectured to about cybersecurity, and let’s face it, you won’t enjoy the lectures either. But basic education on the do’s and don’ts is a crucial first step for any company.

Consider using five-minute educational videos with plenty of graphics and practical examples. Those will often get the message across better than a one-hour seminar on the history of phishing.

2 – Phishing and how to prevent it

Phishing consists of impersonating a trustworthy entity in online communications (often emails) in order to obtain sensitive information. There are a variety of ways you can identify and avoid a phishing attack, but most regular users don’t even check the sender’s email before responding to a request. They are unprepared.

Beyond basic education, one way you can tighten security against phishing is to run corporate-wide phishing simulations. This is a safe way to train your employees’ eyes and see who the weak links in the company are. Those who consistently fail the simulations need to either receive further training or have their access privileges limited.

3 – Password security

As said before, “123456” was the most popular password in the world as of 2018. If you’re curious, Wikipedia has a list with the top 25 passwords. “123456” was never out of the top 3.

Education in proper password practices is a start, of course. You should also consider making the use of password managers mandatory for access to corporate accounts and sensitive data.

4 – Access to IT support

Finally, giving employees easy access to IT support services can help improve general security. That will allow them to ask questions and report breach attempts, and it can help contain the damage if a breach of customer data does happen in your company.

Haris Saeed
An experienced professional with more than 9 years of working experience and a performance leader in internet technologies, including web research, analysis and architecture, and search engine optimization.

