Human Error-Related Data Breaches On The Rise

New information which was obtained via a freedom of information request has found that there has been a worrying increase in the amount of data breaches which are caused by human error.

The figures were brought to light by an FOI request made to the Information Commissioner’s Office by Egress Software Technologies, an encryption provider.

Egress found that during the first quarter of 2014, 25 per cent of reported data breaches were down to the accidental loss or destruction of personal data – which is up 15 per cent on the second half of 2013. A large percentage of these incidents, 43 per cent to be precise, were cases of sensitive info being accidentally emailed, faxed or posted to the wrong person.

In actual fact, only 7 per cent of breaches happened due to technical failures, with 93 per cent occurring as a result of human error, lack of care when dealing with data, or poor processes which organisations have in place.

Indeed, Egress notes that when it comes to penalties levied by the ICO for data slips, no fines have actually been imposed concerning breaches caused by technical failures, whereas £5.1 million has been extracted from various organisations for mistakes made when handling sensitive data.

£600,000 worth of penalties were imposed for emailing sensitive details to the wrong recipient alone.

CEO of Egress, Tony Pepper, commented: “What these statistics demonstrate is that training alone is not the answer. Organisations have put huge emphasis on process driven training, but the fact that 93 per cent of all incidents between January and March 2014 were caused by human error or failure to carry out effective process demonstrates that a change in approach is needed.”

“Organisations need to make data protection a priority. Where possible, fax and post must be replaced by secure electronic communication that is procured in its own right. Solutions that are easy to use yet offer comprehensive protection and control have been developed to mitigate the risk of a data breach, so it is mystifying why organisations are not implementing them to reduce their liability.”

When looking at reported breaches between April and June 2013, compared to the same period this year, healthcare organisations topped the list of offenders with 91 breaches that doubled up to 183 in 2014. The insurance sector saw increases of 200 per cent, and education was up 56 per cent among other large increases.

To date, since 2010, the ICO has issued penalties which total over £6.7 million, with public sector organisations being hit by £4.5 million of that sum.