Human error to blame for eight out of 10 data breaches

New analysis by CybSafe of data from the UK Information Commissioner's Office shows 80 percent of data breaches reported in 2021 were caused by user error.

A total of 2,692 reports were sent to the ICO last year 80 percent of which could be attributed to actions taken by end-users, though this is down from 90 percent in 2020.

Oz Alashe, CEO of CybSafe, says:

As identified in the analysis, human error is a major contributing factor enabling attackers to access sensitive information and encrypted channels within organizations. Cybercriminals will often identify the route of least resistance and exploit the vulnerabilities of employees. Therefore, it is crucial that we shift our focus onto user security behaviors within our businesses.

To combat the threat of cyber security breaches, we need to get rid of box-ticking awareness exercises and address the human aspect of cyber security to achieve genuine behavioral change. An empathetic and understanding approach is likely to have the desired outcome of improving employees' security awareness and their behavior, without negative consequences.

Addressing this issue is key to reducing successful attacks against organizations. People have an important role to play in helping to protect the companies they work for, and human cyber-risk can almost always be significantly reduced by encouraging changes in staff cyber-awareness, behavior, and culture.

Phishing was the primary cause of breaches in 2021, accounting for 29 percent of all reports, though again this is down on 2020 when nearly 38 percent of breach reports were made to the ICO as a result of successful phishing attacks.

Ransomware became the second most common cause of cyber breaches last year. Causing 20 percent of all incidents, with 692 reported over the year.

You can find out more about the human element to cybersecurity on the CybSafe site.

Photo Credit: sukiyaki/Shutterstock