Human error caused 90% of cyber data breaches in 2019, according to a CybSafe analysis of data from the UK Information Commissioner’s Office (ICO).
According to the cybersecurity awareness and data analysis firm, nine out of 10 of the 2376 cyber-breaches reported to the ICO last year were caused by mistakes made by end-users. This marked an increase from the previous two years, when respectively, 61% and 87% of cyber-breaches were ascribed to user error.
CybSafe cited phishing as the primary cause of breaches in 2019, accounting for 45% of all reports to the ICO. ‘Unauthorized access’ was the next most common cause of cyber-breaches in 2019, with reports relating to malware or ransomware, hardware/software misconfiguration and brute force password attacks also noted.
Oz Alashe, CEO of CybSafe, said: “As this analysis shows, it’s almost always human error that enables attackers to access encrypted channels and sensitive information. Staff can make a variety of mistakes that put their company’s data or systems at risk, often because they lack the knowledge or motivation to act securely, or simply because they accidentally slip up.”
However, Alashe was quick to argue that the statistics should not provoke a negative reaction.
“Employees of course pose a certain level of cyber-risk to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber-risk can almost always be significantly reduced by encouraging changes in staff cyber-awareness, behavior and culture.”