Survey Finds the Real Data Breach Culprit for Companies is Human Error

Staff Report

Wednesday, December 21st, 2016

Data breaches resulting from hackers often lead the news headlines. However, a survey of compliance professionals conducted in November 2016 by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association found human error to be the main cause of data breaches. While 17% of respondents reported a hacktivist or hacker was responsible for a breach, a lost device (20%) and lost paper files (45%) were far more likely to cause a breach.

"What's likely to be surprising to most is the importance of human factors in preventing data breaches. While the threat of hackers is real, organizations can't afford to neglect training their people on the risks and setting up the proper controls to prevent these often expensive and damaging incidents from occurring," said SCCE and HCCA CEO Roy Snell.

The survey, "Data Breach Incidents, Causes, and Response", first conducted in 2012, was repeated in November to learn what had changed in the past four years. It found that relatively little has changed, both in how the issue is managed and in the number of incidents.

According to the survey, 38% of respondents reported that their organization had not suffered a data breach in the last year (up from 32% in 2012). But the survey report noted, "company size played a large role. While 51% of organizations with 1,000 employees or less reported a breach, 81% of organizations with 100,000 or more employees had been breached." 

The survey also found employees other than IT were the "#1 source of reporting an incident." The survey results found that audits discovered 5%, IT reported 10%, and employees other than IT reported 46%.