Human error ‘responsible for most local government data breaches’

Most data breach incidents in local government were caused by human error, according to new research released by Egress Software Technologies.

Using data received from the Information Commissioner’s office, the software company found that there were 642 reported cases of data breaches within local government – second only to the health sector in volume.

Critically, the findings showed that the many of these incidents are attributed to human error, rather than external threat. The top-ranking incident types were:

  • Theft or loss of paperwork – 24 percent
  • [Other principle 7 failure] – 22 percent
  • Data faxed/posted to incorrect recipient – 19 percent
  • Data sent by email to incorrect recipient – 9 percent
  • Failure to redact data – 5 percent

Additional findings from the research included:

  • The courts and justice sector has experienced the most significant increase in incidents, a 290 percent hike since 2014, placing it in the top five worst affected industries by the last quarter of 2016.
  • Other significant increases can be seen in the central government and finance industries, with 33 percent and 44 percent increases, respectively.
  • The ‘human element’ – where internal staff have made mistakes – accounted for almost half of total data breach incidents: 44 percent October-December 2014, 43 percent 2015, 49 percent 2016.
  • Data shared in error is the single highest contributor to breaches year-on-year resulting from human error, annually, causing roughly one-third of incidents (31 percent 2014, 34 percent 2015, 31 percent 2016).

Tony Pepper, CEO and co-founder of Egress Software Technologies said: “We are all aware that security incidents are rising, but many may not suspect how large a proportion of these are down to error and lack of control over sensitive data.

“What the information from the ICO makes clear is that all businesses need to do more to better protect sensitive information. Meeting this challenge requires a combination of improved employee training and the communication of risks, and the deployment of the right technologies to minimise the number opportunities available for human error to take hold.”

Related reading