The Greatest Threat to Your Data Security May Be Yourself

By Casey C. Sullivan, Esq. on May 12, 2015 | Last updated on March 21, 2019

According to a new study by Baker Hostetler, one of the nation's largest intellectual property-focused law firms, most data breaches are caused by human error, not hackers or malware. In a review of over 200 data breach incidents, the firm found employee negligence to be the leading cause of breaches.

That's right -- those Russian hackers are less a threat to your company's security than its own employees, whose negligence or theft was responsible for more than half of all breaches examined.

The Survey Says ... Watch Out for Your Workers

According to the report, employee negligence was responsible for data security breaches in more than one third of the cases. The leading causes Baker Hostetler identified were:

  • Employee negligence, responsible for 36 percent of breaches
  • Theft by outsiders, 22 percent
  • Theft by insiders, 16 percent
  • Malware, 16 percent
  • Phishing attacks, 11 percent

Internal negligence and theft were responsible for 52 percent of all breaches, more than breaches by outsiders, who caused only 47 percent of all incidents examined.

The data breaches were not limited to a single industry either. All industries were affected, with education, financial services, real estate, retail, professional services and hospitality receiving the most breaches. Data breaches were most severe, by far, amongst professional service industries.

Faster Detection, Faster Responses Needed

The report recommends speeding up detection and response. Only two-thirds of the incidents surveyed were self-detected, and most breaches were discovered more than four months after they had occurred. Four months! Faster detection and response times could, according to the study, allow attacks to be stopped in their early stages. Early responses also mean there is more evidence to help companies determine how the breach occurred and who and what may have been affected by it.

In-house counsel looking to up their company's data security have even more reason to mandate I.T. security training for all employees. Teaching simple preventative measures can help employees avoid the sort of negligence that may lead to a breach, as well as increase workers' ability to detect and avoid theft, malware and phishing. Cyberinsurance may also be helpful when dealing with the aftermath of a breach.

Interestingly, it's not just electronic data that is at risk. According to the report, more than a fifth of all data breaches involved paper records.
