Human Error: The Reason behind 88% of all UK Data Breaches

Cybersecurity news media are very active with these days, telling the story of doom and gloom everywhere. However, there is a considerable possibility that cybersecurity issues were not due to external attacks, but plain human error. That was the precise result of a study by Kroll, a risk solution firm. In the study, around 88% of UK data, breaches were due to human error and not by hackers. Cyber attacks do happen, and those issues are reported by the media as soon as the story is known by their respective representative, but they were only 12% of all IT issues for the last two years.

One accidental situation of releasing confidential customer information is due to human error of the wrong send. According to the study, 37% of data breaches were due to sending the information to the wrong recipient. Wrong sending of a message is very easy to occur through the use of email and fax machine. Also, the cause of the trouble is insecure storage of paper-based and digital information, a printed documented misplaced by a human and uploading of unencrypted content in a cloud storage.

“Effective cybersecurity is not just about technology. Often, companies buy the latest software to protect themselves from hackers but fail to instigate the data management processes and education of employees required to mitigate the risks. The majority of data breaches, and even many cyberattacks, could be prevented by human vigilance or the implementation of relatively simple security procedures,” explained Andrew Beckett, Kroll Cyber Risk Practice managing director.

The issue of secure storage and retrieval of customer data security is the primary highlights of why the European Union has imposed GDPR, it fully took effect last May 25, 2018. All businesses that operate in the EU-member states or interface with EU citizens are expected to comply with the regional law. One such requirement is the strict reporting of a security breach to the EU, 72-hours after its discovery. UK companies are still under GDPR policy until the Brexit process is officially completed.

“Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK. The recent rise in the number of reports is probably due to organizations’ gearing up for the GDPR as much as an increase in incidents. Now that the regulation is in force, we would expect to see a significant surge in the number of incidents reported as the GDPR imposes a duty on all organisations to report certain types of a personal data breach,” added Beckett.

Any company that failed to comply with GDPR is obliged to pay a maximum of £17.5m, around €20 million or 4% of their global revenue, whichever is higher. In response to GDPR, many global companies have started the adaption of a unified Terms of Service for all their customers. Such a move simplifies their customer service, hence all customers regardless of their location receives a GDPR-compliant customer data handling service.