Key Takeaways
1. One of the largest contributors to cybersecurity risks is human error, which leads to data breaches, cyberattacks, and vulnerabilities that cybercriminals exploit.
2. Human error in cybersecurity can occur because of organizational reasons or employee negligence.
3. I.S. Partners offers a range of cybersecurity solutions—including customized staff training, penetration testing, and internal auditing—to help you reduce human error in cybersecurity.
What Is Human Error and How Does It Relate to Cybersecurity Risks?
Human error in cybersecurity is defined as unintentional actions or oversights by employees that compromise the security of a cyber system. Most data breaches that involve human error occur because employees neglect best practices or make poor decisions.
Human error has many forms, such as clicking on phishing links sent by threat actors, using weak passwords, or failing to follow security protocols like multi-factor authentication. Another common form is mishandling sensitive information, such as accidentally disclosing confidential data to unauthorized individuals.
Proper and consistent training and performance monitoring can minimize human error. This fosters a culture of accountability where team members understand the importance of data integrity and security. Regular, targeted training from expert auditors ensures that you are equipped to identify and address potential risks proactively.
I.S. Partners’ Director of Cybersecurity Services highlights how the company tailors its training programs to specific industry requirements:
“I.S. Partners has deep familiarity with the discrete requirements associated with multiple frameworks and compliance programs. We are able to tailor cybersecurity training and activities such that they perfectly complement and satisfy the parameters of these different requirements – a good example is PCI-DSS, which has specific requirements for incident response training and testing.”
Human Error in Cyber Security Statistics
Below are some important statistics about human error in cybersecurity incidents.
Key Insights
- About 68% of breaches in a 2024 survey were caused by human factors, such as someone being tricked by a social engineering scam or making an error. In 2023, this number was 74%. [1]
- A survey involving over 1,000 participants reported that 95% of cybersecurity issues have some human element. In addition, 43% of all cybersecurity breaches are caused by insider threats, both accidental and intentional. [2]
- A study investigating cloud data breaches in 18 countries found that 31% of organizations attributed them to misconfiguration or human error. In the 2023 report, this number was 55%. [3]
- In a 2024 study, 22% of organizations regarded human error as the most concerning threat, and 74% regarded it as at least somewhat important. [3]
- In a 2021 survey, 94% of businesses reported encountering insider data breaches over the previous year. Approximately 84% of IT leaders identified human error as the leading cause of major breaches. However, only 21% of respondents considered human error their primary concern. [4]
- A 2021 survey reported about 74% of organizations have experienced breaches due to employees disregarding security protocols, while 73% have faced major breaches stemming from phishing attacks. [4]
- A 2019 report highlights that “misuse of IT resources by employees” was the most frequent cause of breaches, with 50% of small and medium-sized businesses reporting these incidents. [5]
- A 2022 report shows that nearly 49% of breaches caused by human error were due to personal information being mistakenly sent to the wrong recipient through email, mail, or other channels. [6]
- The second most common error in a 2022 survey was the accidental disclosure or publication of personal data (33%). Other errors included not using BCC in emails (6%), misplacing paperwork or storage devices (5%), and unauthorized verbal disclosures (5%). [6]
- A 2015 study involving 120 countries found that human error played a significant role in over 95% of the incidents analyzed. Without human mistakes, 19 out of 20 security breaches would have been prevented. [7]
- In a 2015 survey, only 30% of the surveyed businesses considered human error a major issue, yet the same companies reported that human error was responsible for 52% of all security breaches. [8]
- When asked about the most common types of human error, 42% of respondents in a 2014 survey pointed to “end users not adhering to policies.” [8] In addition:
  - 42% mentioned “overall negligence”
  - 31% highlighted “not staying informed about new threats”
  - 29% cited a “lack of familiarity with websites or applications”
  - 26% noted “IT staff not following protocols”
- A 2022 study found that around 88% of all organizational data breaches are caused by employee mistakes. [9]
- 36% of employees in a 2022 survey believed they made a work-related mistake over the past year that put their company’s security at risk. This is a reduction from 43% in July 2020. [9]
- 56% of employees in a 2022 survey reported receiving a fraudulent text message at work. 32% admitted they followed through with the scam’s request, compromising company data. [9]
Email Errors Leading to Cybersecurity Issues
Email mistakes are one of the most common forms of cybersecurity errors, whether it’s attaching incorrect files or accidentally emailing the wrong person. Here are some statistics to put this issue into perspective:
- A 2020 report found that email phishing attacks are the top threat action in cybersecurity breaches, responsible for over 20% of cases. [10]
- In 2022, around 52% of employees in a study admitted to being tricked by phishing emails where cybercriminals posed as senior company executives, an 11% rise from 41% in 2020. [9]
- In a 2022 study, 26% of employees confessed to falling for a phishing email at work within the past year, a slight increase from 25% in 2020. [9]
- A 2022 study revealed that 17% of employees accidentally emailed the wrong external party, and 5% admitted to sending emails to both the wrong colleague and external recipient, potentially exposing sensitive information. [9]
- Almost 1 in 5 (15%) of employees in a 2022 study accidentally sent an email with the wrong attachment to an external party, risking exposure of confidential information. [9]
- In the first nine months of 2021, breaches caused by misdirected emails reported to the Information Commissioner’s Office rose by 32% compared to the same period in 2020. [9]
Human Error Consequences for Employees
Data shows that employees who make critical cybersecurity mistakes or mishandle cyber threats are being met with increasingly serious consequences.
Below, we gathered more information on the consequences of human error:
- In a 2022 study, 35% of employees had to notify customers about a data loss incident due to misdirected emails, which often damaged client trust and relationships. 44% had to send an apology email. [9]
- In 2020, 20% of companies in a survey lost a customer or client because an employee mistakenly sent an email to the wrong recipient, compromising important data. In 2022, this percentage increased to 29%. [9]
- In 2022, 21% of employees in a survey reported losing their jobs after sending an email with important data to the wrong person. This is a significant increase from 12% in 2020. [9]
- 21% of the employees in a 2022 survey admitted they did not inform their IT team about email-related security mistakes, a rise from 16% in 2020. [9]
Employee Vulnerability to Cybersecurity Threats
Data shows that the chances of employees making security errors vary by their age and the department they work in. Here’s what the numbers say:
- Younger employees (18-24 years old) are five times more likely to fall for phishing emails than older employees, with 39% admitting to clicking on phishing emails compared to just 8% of employees over 65. [9]
- Older employees (over 55 years) are more vulnerable to smishing attacks, with 33% complying with scam text messages, compared to 24% of employees aged 18 to 24. [9]
- Employees in marketing departments are twice as likely to fall for phishing scams (41%) compared to those in finance (21%) and nearly four times more susceptible than those who work in operations (12%). [9]
Reasons for Human Error in Cybersecurity
There are many reasons why human error in cybersecurity is so common. Examples include pressure to act quickly, distraction, fatigue, and the deceptive nature of phishing emails. Here are some statistics on this topic:
- In 2022, 51% of employees in a survey admitted to making security mistakes at work when tired, an increase from 43% in 2020. 50% said they make mistakes when distracted, an increase from 41% in 2020. [9]
- In 2022, when employees were asked why they sent emails to the wrong person, 50% said they felt pressure to send the email quickly, a rise from 34% in 2020. Other common reasons were not paying attention (49%), distraction (47%), and fatigue (42%). [9]
- In 2022, nearly 54% of employees in a survey fell for phishing scams because they perceived the email to be legitimate, up from 43% in 2020. 38% fell for these scams because the email appeared to be from a well-respected brand. [9]
Remote Work and Human Error
Many industry leaders believe that remote work has led to more security breaches due to increased human errors outside controlled office environments. Here’s what the numbers say:
- More than 56% of IT leaders in a survey believed that remote work increases the likelihood of breaches caused by human error. [4]
- 61% of employees in a survey believed remote work either reduces or does not increase their likelihood of causing a breach. [4]
- 54% of IT leaders in a survey thought that remote or hybrid work would make it harder to prevent breaches caused by human error. [4]
- 50% of the IT leaders in a survey feared phishing attacks would be tougher to stop, while 49% believed rule-breaking by employees would become more challenging to control in a remote work setting. [4]
Protect Your Business from Costly Mistakes—Collaborate with I.S. Partners Today!
Human error is a significant contributor to cybersecurity risks, and addressing it is crucial for safeguarding your organization from costly breaches and reputational damage. The statistics are clear—reducing human error is essential to a robust cybersecurity strategy.
What Should You Do Next?
Immediate next steps to strengthen your cybersecurity posture:
- Implement Regular Cybersecurity Training. Ensure all employees can recognize and respond to potential threats.
- Conduct a Comprehensive Risk Assessment. Identify critical vulnerabilities, especially those related to human error.
- Engage I.S. Partners for Internal Audits and Training. Utilize expert auditors to evaluate and reinforce your security practices.
Take the first step toward stronger cybersecurity—contact I.S. Partners for a free consultation today!
Sources
- https://www.verizon.com/business/resources/reports/2020-data-breach-investigations-report.pdf
- Chapter 3. Digital Dependencies and Cyber Vulnerabilities – Global Risks Report 2022 | World Economic Forum
- https://cpl.thalesgroup.com/cloud-security-research
- Download the 2021 Insider Data Breach Survey Report | Egress
- https://go.kaspersky.com/rs/802-IJN-240/images/GL_Kaspersky_Report-IT-Security-Economics_report_2019.pdf
- https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2022
- https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/IBMSecurityServices2014.PDF
- Trends in Information Security Study | Cybersecurity | CompTIA
- Psychology of Human Error 2022 | Research Report | Tessian
- 2024 Data Breach Investigations Report | Verizon