May 26, 2020

The Biggest Cause of Data Breaches is (Again) Frustratingly Banal

bcc as zero day, every day...

By CBR Staff Writer

We’ll see your Advanced Persistent Threat (APT) and raise you a “bcc”, “reply all”, “fat finger”, “address typo” and wrong fax number.

A new report from the UK’s Information Commissioner’s Office (ICO) today attributed 337 data breaches in the fourth quarter of 2019 to the perennial issue of data being “emailed to incorrect recipient”.

(The figure represents more than five emails sent to the wrong person daily around the country: a genuinely persistent problem.)

The figure is marginally down from the 392 such incidents reported in Q4, 2018, but comes as a stark reminder that data protection involves so much more than effective firewalls — the vast majority of data breaches reported to the ICO did not involve any form of network intrusion.

Organisations are obliged to submit data breach [pdf] reports under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). Failure to do so can incur a modest £1,000 fine.

Main Cause of Data Breaches

The cause of 718 data breaches was attributed to “other non-cyber incident”, with data “posted or faxed to incorrect recipient” the cause of 265 incidents. (Cyber incidents did account for a notable number of breaches: phishing was blamed for 280, “unauthorised access” for 175.)

Tony Pepper, CEO of Egress, a company that provides tools to help prevent emails being sent to the wrong people, said: “While organisations often focus on how [email] can be exploited for inbound attacks like phishing, ‘inadvertent insiders’ making mistakes are a far greater risk.

“Remote working during the COVID-19 lockdown has only amplified this. We’ve seen an average 23 percent rise in email usage, as organisations rely even more heavily on it as a critical business communication tool.

“The ICO’s figure, sadly, will only be the tip of the iceberg for the actual number of misdirected emails in the UK. These incidents traditionally require employees to notice they’ve made a mistake and self-report – and not everyone is willing to do that for fear of repercussions.”
