Despite all the modern security solutions in our increasingly digital world, employees still make mistakes that may lead to data breaches. Human error caused 90% of cyber data breaches in 2019, marking yet another increase year on year. CEO of CybSafe, Oz Alashe said:
“It’s almost always human error that enables attackers to access encrypted channels and sensitive information. Staff can make a variety of mistakes that put their company’s data or systems at risk, often because they lack the knowledge or motivation to act securely, or simply because they accidentally slip up”.1
The average cost of a data breach has risen 12% over the last 5 years to a staggering £3.1million.2 A cyber liability insurance policy can protect your business in the event of human error, but your best line of defence is having well-informed and vigilant employees.
Below are some examples of some of the most common types of human error leading to data breaches.
Sending valuable data to incorrect recipients via email
Earlier this year in Shropshire, 250 email addresses were exposed in a data breach by Shropshire Council. The simple act of sending an invitation to a webinar resulted in an investigation after recipients could see each other’s email addresses. An individual had failed to use BCC, instead putting all recipients in the ‘to’ field. Shropshire council’s data protection officer undertook a risk assessment and had to disclose the incident and confirm action taken to the Information Commissioner’s Office (ICO).3
Accidentally emailing documents with sensitive data
A hospice claimed against their cyber liability policy with specialist insurer, Beazley, when an employee emailed a report of patient referrals and admissions to themselves via an unsecured channel on two separate occasions. The data sent in the reports included 818 patient names and admission details. The employee of the hospice, which serves about 370 terminally ill patients daily, was said to have been emailing spreadsheets to a personal email account in order to complete work from home.4
Publishing confidential data on public websites by mistake
In August 2020, nearly 400 people in Powys were impacted by a data breach after they contracted COVID-19. Public Health Wales admitted the mistake, explaining that the data was accidentally uploaded onto a public server. This individual human error meant that the personal information of up to 18,105 people was available to view online for 20 hours before it was removed. The data had been viewed 56 times but there was no evidence of misuse. The Information Commissioner’s Office (ICO) and Welsh Government were informed and an external investigation is underway5.
Misconfiguring assets to allow for unwanted access
Outdated software is a welcome invitation for hackers, as it presents known vulnerabilities. Employees can help cyber-criminals compromise sensitive data by ignoring software updates, disabling security features or downloading unauthorised software2.
Phishing scams
According to information from insurance giant AIG, business email compromise (BEC) has overtaken ransomware and data breaches as the primary reason companies filed a cyber insurance claim in Europe, the Middle East and Asia5. Beazley claims 22% of all BEC incidents take place in the healthcare industry, second only to financial institutions6. In most cases, the compromise can be traced back to a phishing email containing a link or attachment.
Take some of these simple steps to help safeguard your business against phishing attacks:
- Raise awareness:
Make your employees aware of the danger of phishing scams, encouraging staff to be more vigilant when responding to suspicious emails. - Educate your employees:
Front-line staff are your last wall of defence when it comes to phishing scams. Conduct training sessions for your employees with mock scenarios to help them identify phishing emails. - Install antivirus software:
Keep antivirus software up-to-date on all your business equipment. - Have a recovery plan:
Create a reliable recovery plan to help minimise the damage posed by a cyber breach, recover data quickly and keep your business running as smoothly as possible.
Key workers in the health and social care industries are facing a huge challenge with the coronavirus pandemic. While hearts and minds are focused on the task at hand, don’t let the risk of human error rise in the background. Ensure your business is protected by a cyber liability policy, and keep cyber-security front-of-mind for employees by reminding them to accept software updates and allow them to finish, take notice of pop-ups and take the time to improve their knowledge on cyber-security.
Sources:
3 Shropshire Star, December 2019
4 Beazley’s cyber claims data, 2020
5 Countrytimes.co.uk, 14 September 2020
6 AIG Cyber Claims: GDPR and business email compromise drive greater frequencies
Share this article
Read our latest related articles
-
November 07, 2023
Working in Care: Domiciliary Care or Care Homes —Which Is Right for You?
Are you thinking of a new career in care or looking for a change? We compare working in a care home to being a domiciliary carer.
-
October 30, 2023
AI’s cyber challenges and opportunities uncovered
Artificial Intelligence (AI) systems present advantages and opportunities for businesses thanks to advances in computing power. A team from Marsh came together at the recent Future Unlocked event to address the challenges and discuss how businesses can build cyber resilience.
-
October 25, 2023
Cybersecurity: Protecting farmers from cyberattacks
UK farmers face rising cyber threats, including phishing and AI risks. Prioritizing cybersecurity and insurance is crucial for protecting digitalized farming operations.
-
October 17, 2023
How would your customers respond to their data being leaked
As businesses increasingly rely on digital technologies and interconnected systems, we’re likely to see increases in cyber security breaches for SMEs. In this article, we're exploring the ways cyber insurance can protect your business should you experience a cyberattack.
-
October 02, 2023
Artificial Intelligence in Professional Services: Exploring Benefits and Managing Risks
While AI can offer numerous benefits to the professional services sector, it also comes with risks and challenges that must be carefully managed. We're exploring how you can proactively address these issues by staying informed, upskilling, ensuring data security, and navigating ethical and regulatory considerations to maximise the advantages of AI.
-
August 21, 2023
Cyberattacks on industrial control systems: Understanding and mitigating cyber risks for manufacturing businesses
Over the last decade, cyberattacks targeting industrial control systems have surged. The best way to protect your business is to understand what you’re up against.