Human Error Linked to 60 per cent of Security Breaches


60 per cent of UK businesses have fallen victim to a cyberattack and/or data breach as a result of human error. These mistakes have held businesses back for days, according to recent research by Gallagher.

1,000 UK business leaders were polled by the global insurance policy to find out more about their exposure to cyber-risk. It was revealed that as many as 3.5 million companies in the UK may have suffered losses due to human error. Data loss and downtime were two potentially dangerous consequences of a cyber-attack.

30 per cent said that their business was down for 4-5 days, while a similar number claimed up to three days of organisation disruption.

In 14 per cent of incidents, customer data was stolen, with the risk of exposing these organisations to data protection fines.

It’s not all bad

However, business leaders are putting the plan to mitigate insider threat to the forefront of their tactics. 71 per cent expressed concern with human error increasing cyber-risk. 64 per cent of these claimed they regularly remind staff of these risks.

A further 42 per cent have invested in off-the-shelf packages and 39 per cent in customised tools to keep their business protected. However, only 39 per cent claimed to have sought external advice on how they can efficiently manage cyber-risk.

This is crucial as we continue to see developments in the threat landscape and as cyber-criminals adapt their skills in tricking employees into doing their bidding, according to Tom Draper, head of cyber at Gallagher.

“However, by businesses taking a comprehensive, multi-layered approach to cybersecurity – including ensuring they have the appropriate insurance in place – establishing effective training programs for employees, and implementing technologies that secure the most sensitive data, they can save both money and resources in the long run, while also helping to mitigate the potential threat of an attack,” he concluded.

Recent data from the Ponemon Institute shows that the volume of insider cybersecurity incidents has risen by 47 per cent since 2018. During the same period, costs have risen by 31 per cent, reaching $11.5 million on average per incident.