Companies living in fear of a data breach need to look closer to home after new research shows that 88% of UK data loss incidents are caused by human error, not cyber attacks.
In the last two years, reports of UK data breaches to the Information Commissioner’s Office have increased by 75%, according to research by risk solutions provider Kroll, but just 12% were the result of malicious attacks.
The data was obtained through a Freedom of Information request to the ICO and covered breaches of personal data, including heath, financial, employment and criminal record information.
The research showed that while data breaches are generally associated with the actions of malicious criminals, this is very rarely the case.
The most common error was to send sensitive data to the wrong recipient, which was the cause of 37% of reported data breaches, with the majority being sent my email. Other common errors included the loss or theft of paperwork, forgetting to redact data or storing data in an insecure location, such as a public cloud server.
Kroll cyber risk practice managing director Andrew Beckett said: “Effective cyber security is not just about technology. Often, companies buy the latest software to protect themselves from hackers, but fail to instigate the data management processes and education of employees required to mitigate the risks.
“The majority of data breaches, and even many cyber attacks, could be prevented by human vigilance or the implementation of relatively simple security procedures.”
Data breach complaints soar by 160% in three months
Top brands caught with trousers down on email security
UK firms ‘leaving themselves wide open to ransomware’
Data breach at games giant CeX hits 2m customers
Data breaches ‘hit shares, sales and growth for years’