Data and securityCyber SecurityHuman error ‘responsible for most local government data breaches’

Human error 'responsible for most local government data breaches'

Research finds there were 642 reported cases of data breaches within local government – second only to the health sector in volume

Most data breach incidents in local government were caused by human error, according to new research released by Egress Software Technologies.

Using data received from the Information Commissioner’s office, the software company found that there were 642 reported cases of data breaches within local government – second only to the health sector in volume.

Critically, the findings showed that the many of these incidents are attributed to human error, rather than external threat. The top-ranking incident types were:

  • Theft or loss of paperwork – 24 percent
  • [Other principle 7 failure] – 22 percent
  • Data faxed/posted to incorrect recipient – 19 percent
  • Data sent by email to incorrect recipient – 9 percent
  • Failure to redact data – 5 percent

Additional findings from the research included:

  • The courts and justice sector has experienced the most significant increase in incidents, a 290 percent hike since 2014, placing it in the top five worst affected industries by the last quarter of 2016.
  • Other significant increases can be seen in the central government and finance industries, with 33 percent and 44 percent increases, respectively.
  • The ‘human element’ – where internal staff have made mistakes – accounted for almost half of total data breach incidents: 44 percent October-December 2014, 43 percent 2015, 49 percent 2016.
  • Data shared in error is the single highest contributor to breaches year-on-year resulting from human error, annually, causing roughly one-third of incidents (31 percent 2014, 34 percent 2015, 31 percent 2016).

Tony Pepper, CEO and co-founder of Egress Software Technologies said: “We are all aware that security incidents are rising, but many may not suspect how large a proportion of these are down to error and lack of control over sensitive data.

“What the information from the ICO makes clear is that all businesses need to do more to better protect sensitive information. Meeting this challenge requires a combination of improved employee training and the communication of risks, and the deployment of the right technologies to minimise the number opportunities available for human error to take hold.”

Related Articles

Cyber security is about much more than technology

Cyber Security Cyber security is about much more than technology

6d Austin Clark
Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

1m Austin Clark
NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

2m Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

2m Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

3m Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

3m Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

4m Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

4m Guest Writer