The Biggest Cause of Data Breaches is (Again) Frustratingly Banal

We’ll see your Advanced Persistent Threat (APT) and raise you a “bcc”, “reply all”, “fat finger”, “address typo” and wrong fax number.

A new report from the UK’s Information Commissioner’s Office (ICO) today attributed 337 data breaches in the fourth quarter of 2019 to the perennial issue of data being “emailed to incorrect recipient”.

(The figure represents more than five emails sent to the wrong person daily around the country: a genuinely persistent problem.)

Main Cause of Data Breaches

The cause of 718 data breaches was attributed to “other non-cyber incident”, with data “posted or faxed to incorrect recipient” the cause of 265 incidents. (Cyber incidents did account for a notable number of breaches: phishing was blamed for 280, “unauthorised access” for 175.)

Tony Pepper, CEO of Egress, a company that provides tools to help prevent emails being sent to the wrong people, said: “While organisations often focus on how [email] can be exploited for inbound attacks like phishing, ‘inadvertent insiders’ making mistakes are a far greater risk.

“Remote working during the COVID-19 lockdown has only amplified this. We’ve seen an average 23 percent rise in email usage, as organisations rely even more heavily on it as a critical business communication tool.

“The ICO’s figure, sadly, will only be the tip of the iceberg for the actual number of misdirected emails in the UK. These incidents traditionally require employees to notice they’ve made a mistake and self-report – and not everyone is willing to do that for fear of repercussions.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Main Cause of Data Breaches

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing