Malicious Attacks: 12%

Human error: 88%

“Effective cyber security is not just about technology. Often, companies buy the latest software to protect themselves from hackers, but fail to instigate the data management processes and education of employees required to mitigate the risks.


“The majority of data breaches, and even many cyber attacks, could be prevented by human vigilance or the implementation of relatively simple security procedures.”

Andrew Beckett, Managing Director and EMEA Leader, Kroll’s Cyber Risk Practice

Cause of Data Breaches Reported to the Information Commissioner's Office, 2017-18

Malicious attacks:

Unauthorised access (102)

Malware (53)

Phishing (51)

Ransomware (33)

Other cyber incident (31)

Brute force password attack (20)

Denial of service (2)

Human error:

Data emailed to wrong user (447)

Data posted or faxed to wrong user (441)

Loss or theft of paperwork (438)

Failure to redact data (256)

Data left in insecure location (164)

Failure to use bcc when sending email (147)

Loss or theft of unencrypted device (133)

Verbal disclosure (46)

Insecure disposal of paperwork (35)

Loss or theft of only copy of encrypted data (16)

Insecure disposal of hardware (1)

“Contrary to the popular belief that cybersecurity and data breaches are all due to malicious attackers trying to break into an organisation and steal data, inadvertent human error is likely to be the biggest reason why a company loses data.


“Misaddressed emails are consistently one of the main forms of data security incident reported to the ICO, highlighting the importance of cybersecurity and data protection policy to not only focus on preventing the headline-grabbing hacks, but also save your employees from themselves.”

Tim Sadler, CEO, Tessian
