You’re only as strong as your weakest link, and in the case of cybersecurity, that weakest link is an employee.
According to OAIC’s Notifiable Data Breaches Report in 2021, human error was the cause of 74% of data breaches notified by the Australian Government.
To put it another way, just a quarter of breaches weren’t caused by human errors.
Some examples of human errors include:
– Accidentally sending personal information to the wrong email
– Accidental release of sensitive information
– Loss of data storage devices
Even prestigious Australian businesses are vulnerable to data breaches caused by human errors. In 2018, the Australian National University suffered a data breach that compromised 200,000 students.
The cause of the breach?
An ANU staff member interacted with a spear-phishing email.
These are very costly accidents to make. Australia’s average data breach damage cost is now $3.35 million (an increase of 9.8% year on year).
Though these stats are very concerning, there’s a bright silver lining.
Human errors are not made on purpose. They’re mistakes, which means they can quickly be addressed with the proper guidance. And since human error accounts for such a high volume of breaches, a majority of data breaches could be prevented by addressing them.
The most effective method for reducing human errors is security awareness training. Security training teaches staff how to identify common cybercriminal tactics and correctly respond to them.
It’s the responsibility of every organisation to ensure their staff are aware of the common errors leading to data breaches. Given the monstrous damage costs of data breaches, security awareness training is one of the most valuable business investments you can make.
How do you reduce the risk of phishing compromise in your organisation? I’d love to know your thoughts.