The Role of Human Error in Cybersecurity Breaches

April 27th, 2021

While faulty software or a backend development problem causes noteworthy breaches, the number one reason for a breach is a human error by employees. These breaches allow critical data to be compromised, causing a ripple effect of downtime to systems, networks and devices - or even threatening your reputation with current and potential clients. As mentioned previously in our blog, Catch a Phish Before It Catches You, the average cost of a data breach in 2020 was a staggering $3.86 million.


Human Error is Still #1 Risk Factor

A recent study, "Psychology of Human Error", found that a mistake made by an employee causes approximately 88% of all data breaches. The study also states that nearly 50% of employees are "very" or "pretty" certain they have made an error at work that could have led to security issues for their company.

The risk of a breach caused by human error reduces with regular education and awareness around cyber threats. An organization with a strong cybersecurity and awareness program can answer yes to the following questions from Defendify's free Cybersecurity Health Checkup:

  • Are there written rules on how employees are expected to use company technology devices and data?
  • Do employees receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization?
  • Are employees regularly tested to see if they might click on bad links or open unknown files in suspicious emails?
  • Do your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices?
  • Are there cybersecurity safety notices and posters displayed in your facility or shared electronically?

If the answer is "no" to some or all of the questions listed above, it is time to bolster cybersecurity awareness through training and by instilling policies throughout the organization. All employees, from the C-Suite to an intern, are responsible for cybersecurity. However, many do not know how to identify and respond to an active threat.

Password Hygiene

An alarming number of breaches are due to employees practicing poor password hygiene habits. In 2019 about 80% of data breaches were caused by password compromise. Implementing policies and awareness training around the importance of proper password hygiene will drastically reduce the chances an organization is breached because of human error. Here are a few tips for creating a strong password:

1. Avoid personal information. It's just too easy to guess. Attackers sometimes use compiled databases of personal information to guess passwords more efficiently.

2. Make it long. When you add characters to a password, the number of possible combinations for a brute force attack grows exponentially. Experts recommend at least 13 characters, but this recommendation will increase as brute force attacks become faster and more advanced.

3. Don't recycle passwords. It's important not to reuse a password, no matter how strong. If one account is breached, the first thing an attacker will do is try the same login on other, potentially more critical, sites. The average person reuses each password 14 times.

4. Use passphrases. A long, strong, and memorable passphrase is one excellent method. For example, use a string of unrelated words, ideally with extra characters (e.g., "hammer-jumping Fuzzy Creator."), or try a longer sentence like "I want to eat some cotton candy!". You can find a whole lot more from ConnectSafely.

5. Use a password manager. A password manager can create and store strong and unique passwords for each of your accounts. This management system takes the guesswork out of creating a new password for each account and manages all of them in one place.
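To show how the first three tips can be enforced rather than just recommended, here is an added example (not from the post or from Defendify) that checks a candidate password against the 13-character minimum, a constructed list of personal details, a constructed set of hashed breached passwords, and a small account vault for reuse; it also reports the brute-force search space so the effect of each extra character is visible.

```python
import hashlib
import math
import re

# Constructed sample data (not from the post): a few passwords stored as SHA-256
# hashes, standing in for a feed of known-compromised passwords, plus some
# personal details (name, birth year, pet, city) an attacker could easily guess.
BREACHED_SHA256 = {
    hashlib.sha256(p.encode()).hexdigest()
    for p in ("Password123", "Summer2020!", "letmein", "qwerty123456")
}
PERSONAL_INFO = ("alice", "smith", "1987", "fido", "boston")
MIN_LENGTH = 13  # minimum length recommended in the post


def search_space_bits(password: str) -> float:
    """Brute-force search space in bits, log2(alphabet_size ** length).
    Each extra character multiplies the space by the alphabet size."""
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[0-9]", password):
        alphabet += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        alphabet += 33  # printable ASCII punctuation and space
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password: str) -> list[str]:
    """Return the hygiene rules the password fails (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if any(info in password.lower() for info in PERSONAL_INFO):
        problems.append("personal_info")
    # Compare only the hash so the clear-text breached list never has to be kept.
    if hashlib.sha256(password.encode()).hexdigest() in BREACHED_SHA256:
        problems.append("known_breached")
    return problems


def find_reused(vault: dict[str, str]) -> set[str]:
    """Given account -> password, return passwords used for more than one account."""
    seen, reused = set(), set()
    for pw in vault.values():
        (reused if pw in seen else seen).add(pw)
    return reused
```

The passphrase from tip 4 passes every rule and sits near 180 bits of search space, while a short reused password fails two rules at once.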


Use Defendify's Stolen Password Scanner to find out if your password is on the dark web.


Cyber Awareness Reduces Human Error

Implementing regular awareness and education around cybersecurity is essential to reducing breaches caused by human error. Still, it is easier said than done, especially for organizations without a dedicated security team. Creating policies that include proper password hygiene, continuous education, and awareness training takes resources that most businesses simply do not have to spare. But with Defendify's All-in-One Platform, you can instill that continuous employee awareness and institutional knowledge around cybersecurity without dedicating an entire team to the ongoing effort.

Start bolstering your cybersecurity today by evaluating your cybersecurity health. A grade from our free Cybersecurity Health Checkup lets any organization quickly see its current state of cybersecurity and gives you an avenue for improving your overall cybersecurity, including employee awareness.


More resources about cybersecurity awareness and education

Webinar: How to Spot a Phish: Tips to Spoil Advanced Phishing Attempts

Blog: Catch a Phish Before It Catches You

Free Tools from Defendify: Health Checkup, Vulnerability Scanner, and Threat Alerts
