New survey data from Tech.co’s Impact of Technology on the Workplace report has found that human error caused 35% of data breaches last year, revealing that humans are the weak link when it comes to business security.
The survey of 1047 US business leaders found that 23% of data breaches were caused by phishing attacks and 12% were down to employee error, such as sending an email to the wrong person.
While the data breach landscape continues to diversify, Tech.co’s research shows that one of the biggest threats to business security lies internally - specifically, the errors made by employees. “Human error” - such as sending a document to the wrong address - is still at the centre of a significant number of cyberattacks experienced by businesses.
Phishing attacks, which mostly rely on employee interaction with a link or fake landing page, proved to be the top reason for data breaches experienced by surveyed business leaders in 2023.
One business leader spoke to Tech.co about their company falling victim to a phishing email attack, revealing that the email was “sent on a Friday evening, exploiting the reduced vigilance typical of week’s end”. This allowed the threat actor a 36-hour window before detection. The individual shared that a “special response team” of legal, IT, and communication stakeholders was required to devise a rescue plan and address impacted clients via email.
Top Reasons for Data Breaches in 2023, According to Tech.co’s Research:
1. Phishing attack (23%)
2. Computer virus (malware, ransomware) (22%)
3. Employee error (12%)
4. Advanced persistent threat (APTs) (9%)
5. Unsecure Wi-Fi (8%)
6. Unencrypted data intercepted (7%)
7. Third-party vendor error (7%)
8. Denial of service (DoS) Attack(s) (6%)
Tech.co’s Lead Writer, Aaron Drapkin, comments:
“While businesses should be taking every available opportunity to bolster their defenses against cyberattacks, recognizing the threat posed internally by human error and complacency - and taking steps to mitigate it - is an equally vital component of any comprehensive cybersecurity strategy.
A company can install the most high-tech security software you can find, but if its employees don’t know how to spot the telltale signs of a phishing email - and don’t understand the ramifications of sending data to the wrong person, even in error - they’ll continue to put their customers, clients, and themselves at risk.
This is why it’s so important to ensure that all your employees are put through rigorous cybersecurity training, understand company policies that govern how data should be handled and stored, and know the steps they need to take in the event of a breach. With the threat landscape continuing to evolve at a rapid pace - and breach recovery costs so high - it’s one of the most worthwhile investments you can make.”