Reports find data breaches more often caused by human error than cyber attacks.

The Identity Theft Resource Center continues to track year-over-year record-setting numbers of data breaches that compromise millions of consumer records every year. These attacks take many forms, including malware installed on point-of-sale systems, ransomware, phishing and social engineering, and more.

However, new statistics show that an alarming number of compromised records were actually lost due to human error on the part of those who are charged with keeping them safe. Everything from sending out the wrong file, leaving an Amazon S3 server unsecured, or simply losing a laptop or flash drive has been responsible for highly sensitive data falling into the wrong hands.

According to a report by The Register, “2,124 incidents reported by organisations in 2017-18 could be pinned on mistakes or incompetence. Only 292 were classed as having a cyber element.”

A report by The Stack further stated, “Human error breaches were three times higher than the number of cyber attacks executed without human involvement. Emails sent to incorrect recipients (447 incidents), data left unsecured (164) and loss or theft or paperwork (430) were the highest causes of personal data breaches.”

Who is hit hardest?

Unfortunately, organizations that have experienced significantly higher numbers of breaches–both targeted and human error–tend to fall into the service categories.

Healthcare, education, and charities are hot targets due to the amount of sensitive information they gather on patients, students, and donors. Charities were rather hard hit due to the financial information they collect from donors.

By comparison, The Register further reported that actual cyber events weren’t quite the problem that society might envision when they think of data breaches.

“Cyber break-ins were smaller than all of these, with unauthorised access resulting in 102 breach reports. Malware and phishing accounted for 53 and 51 breaches respectively, while 33 reports were attributed to ransomware, 20 to brute-forcing and two denial-of-service attacks.”

What can be done?

Of course, one of the most prevalent mistakes users can make when it comes to cybercrime is failing to use antivirus software.

While tech news outlets have recently claimed antivirus software is largely useless, any sort of protection–especially at the affordable rates most major AV solutions developers offer–is a good thing.

Want to learn more? Check out the beginner’s guide to malware, viruses and spyware online.