One glaring fact remains constant in cyber security: human error is still significant in most cyber security incidents.

Stanford University researchers found that employee mistakes cause a staggering 88% of all data breaches. If that statistic doesn't grab your attention, perhaps Verizon’s 2023 Data Breach Investigations Report will. It revealed that a whopping 74% of all breaches involve the human element in some way, whether through error, privilege misuse, stolen credentials, or social engineering.

As we delve deeper into the world of human error in cyber security, it's essential to identify the various aspects, the types of errors, and, most importantly, how to mitigate them.

Human error comes in various forms, but two primary categories are skill-based and decision-based errors. Skill-based errors occur when individuals make mistakes during routine tasks, often due to distractions or fatigue. Decision-based errors, on the other hand, stem from flawed judgment, such as opening a suspicious email attachment or sharing sensitive information unintentionally.

Examples of Human Error in Businesses

1. Mis-delivery: This error occurs when sensitive information is sent to the wrong recipient. In 2018, an NHS practice accidentally revealed the email addresses and names of over 800 patients who had visited HIV clinics. Misdelivery was the fifth most common cause of cyber security breaches, according to Verizon's 2018 breach report.
2. Insecure Passwords: Weak or reused passwords can be a ticking time bomb. If employees use easy-to-guess passwords or share them inadvertently, it can lead to security breaches.
3. Physical Security Errors: Neglecting physical security measures, like leaving sensitive documents unattended or failing to lock a workstation, can also result in data breaches.

Mitigating Human Error in Cyber Security

Mitigating human error requires a multifaceted approach:

1. Privilege Control: Ensure employees can only access the data and functionality required to perform their roles. This limits exposure, even if an employee makes an error leading to a breach.
2. Password Management: Promote password manager applications to create and store strong, unique passwords—mandate using two-factor authentication (2FA) to add an extra layer of protection.
3. Create a Security-Focused Culture: Encourage open discussions, make it easy for employees to ask questions, and use posters and reminders to reinforce cyber security best practices throughout the organisation.
4. Focus on Training: Regularly train employees on cyber security awareness, including recognising phishing attempts and following security protocols.

Why Focus on Mitigating Human Error?

The question now is, why should companies prioritise mitigating human error in cyber security? The answer lies in the staggering cost of data breaches. According to IBM's Cost of Data Breach Report 2023, the average global cost of a data breach rose to USD 4.45 million, a USD 100,000 increase from 2022. Since 2020, when the average total cost of a data breach was USD 3.86 million, the average total cost has increased by 15.3%. These numbers make it clear that the financial implications of data breaches are substantial and continue to rise.

Human error remains a significant and costly challenge in cyber security. Companies must focus on mitigating these errors through proactive measures, employee training, and establishing a security-conscious culture. By doing so, they can reduce the risk of data breaches and safeguard their sensitive information and bottom line.

Want to start reducing human error in your organisation? Get in touch...