Just Why Are So Many Cyber Breaches Due to Human Error?
Often mentioned but seldom probed in the media is the biggest reason behind cybersecurity breaches – employee error. Two facts about this stand out. One is just how overwhelming employee errors are. The other is that the fault lies largely in the lap of companies themselves, not their workers.
Let’s start with a statistic. A joint study by Stanford University Professor Jeff Hancock and security firm Tessian has found that a whopping 88 percent of data breach incidents are caused by employee mistakes. Similar research by IBM Security puts the number at 95 percent.
Moreover, when a breached company finds the cause of the attack and the human culprit, the reaction is typically stern. According to Tessian, its aforementioned study, “Psychology of Human Error 2022, ” one in four such employees lose their job within about a year, even though more than half of employees fall for a phishing email because the attacker impersonated a senior executive at the company.
They and surviving employees typically feel guilty and, predictably, fewer of these employees are reporting their mistakes.
This approach isn’t working. This isn’t to say that employees shouldn’t be held accountable. But after a proper lecture and probably a mandate to embrace more cybersecurity training, the focus should be on helping the employee do better in the future. Rejection helps nobody.
Ultimately, the mitigation of human error has to come from two angles – reducing opportunity and educating users. The fewer opportunities there are for an error, the less users will be tested. And the more knowledge they have, the less likely they are to make a mistake even when they face an opportunity to do so.
Most companies have done a pretty good job on the reduction of opportunity by typically investing time and money into bolstering their cyber defenses and supporting technology. They typically have a long list of anti-virus solutions, software and operating system patches, virtual private networks and vulnerability scanning across devices. Encryption is also becoming common.