Data and securityCyber SecurityHuman error ‘responsible for most local government data breaches’

Human error 'responsible for most local government data breaches'

Research finds there were 642 reported cases of data breaches within local government – second only to the health sector in volume

Most data breach incidents in local government were caused by human error, according to new research released by Egress Software Technologies.

Using data received from the Information Commissioner’s office, the software company found that there were 642 reported cases of data breaches within local government – second only to the health sector in volume.

Critically, the findings showed that the many of these incidents are attributed to human error, rather than external threat. The top-ranking incident types were:

  • Theft or loss of paperwork – 24 percent
  • [Other principle 7 failure] – 22 percent
  • Data faxed/posted to incorrect recipient – 19 percent
  • Data sent by email to incorrect recipient – 9 percent
  • Failure to redact data – 5 percent

Additional findings from the research included:

  • The courts and justice sector has experienced the most significant increase in incidents, a 290 percent hike since 2014, placing it in the top five worst affected industries by the last quarter of 2016.
  • Other significant increases can be seen in the central government and finance industries, with 33 percent and 44 percent increases, respectively.
  • The ‘human element’ – where internal staff have made mistakes – accounted for almost half of total data breach incidents: 44 percent October-December 2014, 43 percent 2015, 49 percent 2016.
  • Data shared in error is the single highest contributor to breaches year-on-year resulting from human error, annually, causing roughly one-third of incidents (31 percent 2014, 34 percent 2015, 31 percent 2016).

Tony Pepper, CEO and co-founder of Egress Software Technologies said: “We are all aware that security incidents are rising, but many may not suspect how large a proportion of these are down to error and lack of control over sensitive data.

“What the information from the ICO makes clear is that all businesses need to do more to better protect sensitive information. Meeting this challenge requires a combination of improved employee training and the communication of risks, and the deployment of the right technologies to minimise the number opportunities available for human error to take hold.”

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

3w Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

3w Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

3w Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

3w Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

1m Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

1m Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

1m Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2m Jay Ashar