Human Error Becomes GDPR Data Breach Trend in 2020

Human error has been widely reported to have caused 90% of cyber data breaches in 2019. Information provided by the UK Information Commissioner’s Office (ICO) has lead security experts to believe that nine out of ten of the 2376 reported cyber-breaches were caused by mistakes made by end-users.

While at a glance that statistic can be used to draw snap conclusions and generalizations, in all actuality it is less useful than it may originally appear. In the raw data provided by the ICO, “human error” covers a huge variety of cases – anything from system glitches to unauthorized disclosure to successful phishing or spear-phishing campaigns. So while it does make for a good catchy one-liner, the declaration of some security experts that nine out of ten breaches have been caused by human error is rather uninformative.

What is good to know is that approximately 32% of confirmed data breaches in the last year or so have involved phishing of one sort or another. Naturally, this number can vary depending on different factors, but it originates from Verizon’s 2019 Data Breach Investigations Report (DBIR). According to said report, approximately one-third of all reported data breaches involved phishing of one type or another.

Reports also indicate that in spite of the campaigns and courses aimed at raising awareness of the issue, the world, in general, is woefully unprepared for such attacks. One leading cyber awareness training organization notes in their 2020 Phishing By Industry Benchmarking Report that nearly forty percent of users who don’t undergo some sort of dedicated cyber awareness training are likely to fall prey to a well-thought-out phishing attack.

That’s a serious issue when you consider the fact that research indicates that 84% of small to medium businesses that have anything to do online have reported being targeted by phishing attacks.

А GDPR data breach survey done in January 2020 reported that there had been 160,921 personal data breaches within the European economic area from May 25, 2018, up until the point of the survey. Companies confirmed to have mishandled user data by the data protection authorities have incurred GDPR fines totaling €153 million. In spite of this, and the looming threat of a fine that could reach €20 million or 4% of the company’s worldwide annual revenue, whichever is higher, companies are still reluctant to report data breaches properly, and IT security experts estimate that the hundreds of thousands of breaches noted in the GDPR statistics are far from accurate.

What Should You Make of all of This?

Internet users need to become aware of the dangers that lurk online. It’s a good idea for both regular users and providers of online services to stay on top of the IT security industry’s best practices. Additionally, people need to become aware that there is no substitute for a solid IT security solution, and that going without one or with a mediocre one can have dire consequences.