Humans are the weak link

35% of data breaches were caused by human error last year.

  • 1 month ago Posted in

New survey data from’s Impact of Technology on the Workplace report has found that human error caused 35% of data breaches last year, revealing that humans are the weak link when it comes to business security.

The survey of 1047 US business leaders found that 23% of data breaches were caused by phishing attacks and 12% were down to employee error, such as sending an email to the wrong person.

While the data breach landscape continues to diversify,’s research shows that one of the biggest threats to business security lies internally - specifically, the errors made by employees. “Human error” - such as sending a document to the wrong address - is still at the centre of a significant number of cyberattacks experienced by businesses.

Phishing attacks, which mostly rely on employee interaction with a link or fake landing page, proved to be the top reason for data breaches experienced by surveyed business leaders in 2023.

One business leader spoke to about their company falling victim to a phishing email attack, revealing that the email was “sent on a Friday evening, exploiting the reduced vigilance typical of week’s end”. This allowed the threat actor a 36-hour window before detection. The individual shared that a “special response team” of legal, IT, and communication stakeholders was required to devise a rescue plan and address impacted clients via email.

Top Reasons for Data Breaches in 2023, According to’s Research:

1. Phishing attack (23%)

2. Computer virus (malware, ransomware) (22%)

3. Employee error (12%)

4. Advanced persistent threat (APTs) (9%)

5. Unsecure Wi-Fi (8%)

6. Unencrypted data intercepted (7%)

7. Third-party vendor error (7%)

8. Denial of service (DoS) Attack(s) (6%)’s Lead Writer, Aaron Drapkin, comments:

“While businesses should be taking every available opportunity to bolster their defenses against cyberattacks, recognizing the threat posed internally by human error and complacency - and taking steps to mitigate it - is an equally vital component of any comprehensive cybersecurity strategy.

A company can install the most high-tech security software you can find, but if its employees don’t know how to spot the telltale signs of a phishing email - and don’t understand the ramifications of sending data to the wrong person, even in error - they’ll continue to put their customers, clients, and themselves at risk.

This is why it’s so important to ensure that all your employees are put through rigorous cybersecurity training, understand company policies that govern how data should be handled and stored, and know the steps they need to take in the event of a breach. With the threat landscape continuing to evolve at a rapid pace - and breach recovery costs so high - it’s one of the most worthwhile investments you can make.”

Collaboration expands security offerings and enhances data integrity across diverse digital...
New innovations in Darktrace ActiveAI Security Platform provide more complete visibility across the...
Cloudflare onboards enterprises under attack through Booz Allen collaboration, a fast track to...
Sophos has formed a strategic partnership with Tenable to provide Sophos Managed Risk, a worldwide...
New platform launched to offer organisations with a unified view across their entire cyber security...
RETN has launched its new DDoS Mitigation Platform, designed to combine cutting-edge cyber security...
Keeper Security has released its 2024 Keeper Security Insight Report, The Future of Defense: IT...
Aryaka says that it is transforming global secure networking with the launch of Aryaka Unified SASE...