Last week TalkTalk warned its 4 million customers that their personal information might have been stolen in a cyber attack.
The incident has sparked fears of DDoS attacks, where a hacker overwhelms a company’s IT system, which can lead to personal data being leaked.
But new studies reveal that there is a bigger risk to the online security of personal data than cyber attacks of this kind.
Human error accounted for 9 per cent of data security incidents reported in 2014. This is nine times more than intentional ‘cyber-espionage’, which accounted for only 0.8 per cent, according to data put together by CheckRecipient, a cybersecurity company working with UK law firms to prevent sensitive information from being emailed to the wrong person.
Another report by PricewaterhouseCoopers (PwC) from this year found that 75 per cent of large organisations suffered a staff-related security breach last year – up from 58 per cent a year ago. Meanwhile, 31 per cent of small businesses suffered a staff-related security breach last year – up from 22 per cent a year ago.
In 2013, a rogue company auditor got through company controls at Morrisons and leaked employee data. Andrew Skelton, the auditor in question, has since been sentenced to eight years in jail for the leak. But Morrisons is still being sued by more than 2000 staff after some of their personal and financial details were posted online.
Tim Sadler, CEO of CheckRecipient, said it was surprising that so little was being done to address this “inside threat”.
“In PwC’s report on data security breaches, it described human error incidents as a ‘near certainty’. Yet its main advice was that ‘businesses ensure they are managing the risks accordingly’,” he said.