As many as 3.5 million companies across Britain have suffered from a breach of security or cyberattacks from negligence, with data loss and downtime both revealed as potentially serious consequences.
New research, conducted by insurance company Gallagher, revealed the risk posed by staff and contractors at the 1000 companies polled, with almost 30% saying that breaches rendered their business unable to function for four to five days, and 14% of incidents involving customer data being stolen.
According to a previous study by The Ponemon Institute, since 2018 the number of security breaches by people within organisations has increased by 47%, with the cost of these increasing to around $11.45 million (£8.9 million) over the past two years. In many cases, people are victims of cyberattacks such as phishing, malware and ransomware.
Bob Noel, VP of strategic partnerships, told Information Security Buzz: “Success rates for compromising employees accounts are rising in large part to more effective social engineering efforts.
“Bad actors have greater access to personal information via social media platforms like Facebook, Twitter, Instagram, LinkedIn, and others.
“They are able to use this information to send targeted phishing attacks, tricking users into clicking on malicious links. Once the bad actor has a foothold and access to valid user credentials, they will stealthily move laterally in search of high value assets on the network.
“Organisations of all sizes must recognise that compromise is no longer a matter of if, but when. They must implement technologies like network traffic analysis (NTA) to monitor and protect their organisation against this compromise.
“NTA scrutinises every network conversation, applying advanced security algorithms that can identify this lateral movement and other anomalous behaviour indicative of a breach.”
In 2019, human error was responsible for 90% of UK data breaches, according to research from the UK Information Commissioner’s Office (ICO), an increase from 87% in 2018 and 61% in 2017.
- Almost All 2019 UK Data Breaches Were Caused By Human Error
- Sextortion Emails Claim to Have Images of “Friend’s Naked Girlfriend”
- MSPs to Vote on DNA and Fingerprint Data Storage Law
Data analysed by CybSafe revealed that nine out of 10 of the 2,376 data breaches reported to the organisation in 2019 were due to mistakes made by end-users.
Companies are attempting to improve protection against cyber breaches. 42% say they have invested in off-the-shelf protection packages, and 39% in customised tools to help protect their business and reduce the costs.
Tom Draper, head of cyber at Gallagher, commented: “By businesses taking a comprehensive, multi-layered approach to cybersecurity – including ensuring they have the appropriate insurance in place – establishing effective training programs for employees, and implementing technologies that secure the most sensitive data, they can save both money and resources in the long run, while also helping to mitigate the potential threat of an attack.”