Data Breaches are mostly caused by user error

90 per cent of cyber data breaches were caused by user error last year, according to the analysis of data from the UK’s Information Commissioner’s Office (ICO) by the cybersecurity awareness and data analytics company, CybSafe.

In 2019, UK organisations reported more cybersecurity breaches to the ICO than ever before. A total of 2,376 reports were sent to the public body last year, up from 540 in 2017, and 1,854 reports in 2018 – the year that GDPR came into force.

Of those breaches reported in the last year, 90 per cent could be attributed to mistakes made by end-users. This represents an increase over 2017 and 2018 when respectively, 61 per cent and 87 per cent of cyber breaches could be ascribed to user error.

It was identified that phishing was the primary cause of 2019 breaches, accounting for 45 per cent of all reports. In 2017, only 16 breach reports were made to the ICO as a result of successful phishing attacks. This jumped to 877 phishing reports in 2018, and in 2019, UK organisations reported a record 1,080 phishing-related breaches to the ICO.

Behind phishing, ‘unauthorised access’ was the second most common cause of cyber breaches last year, with 791 breaches reported to the ICO. Other notable causes for breaches included 243 reports related to malware or ransomware, 64 related to hardware/software misconfiguration, and 34 related to brute force password attacks.

This analysis shows it’s almost always a human error that enables attackers to access encrypted channels and sensitive information. Staff can make a variety of mistakes that put their company’s data or systems at risk, often because they lack the knowledge or motivation to act securely, or simply because they accidentally slip up.”

“Though shocking, these statistics shouldn’t provoke a negative reaction. Employees of course pose a certain level of cyber risks to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber risk can almost always be significantly reduced by encouraging changes in staff cyber awareness, behaviour, and culture.”

“The most recent annual Cyber Security Breaches Survey from the government found staff from just under three in ten businesses have attended internal or external cybersecurity training in the last 12 months. So at a national level, there’s clearly lots of room for improvement.”


Your IT solution is here – Urban Network

We provide a trusted, competitive and impartial service to our wide range of customers throughout Greater London and beyond.

Urban Networks’ team of talented IT professionals can make your tech problems a thing of the past. With a comprehensive portfolio of managed cloud and on-premise services, Urban Network will deliver the best complete IT solution to your business.