Why human error is the top threat to cyber security

Employee error still reigns as the number one threat for data breaches, even with modern-day security solutions. The numbers don’t lie: anywhere from 70 – 80% of all breaches are attributed to staff. Yet many organisations do not have a mature information & cyber security awareness programme in place.

As we mentioned in our blog piece ‘The Information Security Paradox’, those tasked with protecting the information assets of their companies are often seduced into outlaying huge financial sums by the shiny baubles of software security solutions whilst neglecting the human factor. And ironically, the more effective your IT security barriers are, the more pressure is put on the user.

The top mistakes employees make

  1. Responding to phishing emails by revealing credentials
  2. Falling for Business Email Compromise (BEC) phishing attacks
  3. Inadvertently allowing malware to be installed on their devices
  4. Not protecting data properly (i.e. leaving laptops open in public spaces / losing devices)

60% of breaches have occurred due to human error. Every 14 seconds a ransomware attack strikes. £194,000 is the UK’s average cost of a cyber attack.

What you can do to prevent human error

  1. Regular, carefully thought-out simulated phishing campaigns that seek to educate and not point the finger of blame
  2. Keep staff engaged by highlighting recent examples of BEC and demonstrating where and how the threat could have been mitigated
  3. Clear, interesting and well-articulated company policies & procedures reinforced with employee awareness training
  4. Run a comprehensive 3-year Information Security Awareness Programme (in other words, all the above plus much more!)


Prevent data breaches with a mature security programme

A mature security awareness programme includes learning methods that develop a cyber secure culture and will help your organisation prevent future data breaches. Test your employees to get a baseline of effectiveness, then train and educate them by:

Inspiring them with face-to-face workshops.

Empowering them with cutting-edge, best-practice-aligned eLearning.

Engaging them with regular Information & Cyber Security dispatches across varied media types.

Measure your organisation’s progress by performing socially engineered attacks and capturing metrics and KPIs through ongoing testing and quizzes, thus turning your weakest link into your first line of defense.


What drives engagement with information security

According to the Cyber Security Breaches Survey 2019, the top motivating factors for investing in various information security measures were having a breach in the past, fear of compromising customers’ financial, tax or medical records, fear of attacks becoming increasingly sophisticated, adopting new digital modes of service delivery, banking, migrating data to new servers or to the cloud, allowing more flexible remote working among employees or suppliers, and GDPR.

A good information security awareness programme is the best defense but cannot be achieved without foresight and planning. To be effective, programme messages must be simple, direct and repeated continuously in different guises and mediums and, of course, resonate with the receivers. A one-time presentation or a static set of independent activities isn’t good enough.
You’ve got to find a way to get the subject matter in their heads to influence the behaviour changes that deliver measurable results. eRiskology is not just a training course. It is a comprehensive information security awareness training programme comprised of a series of four harmonised approaches designed to protect and change behaviours, with key performance indicators applied to measure that change. It gives your staff the knowledge to protect your sensitive information and data from unauthorised access, reduce security risk and prevent cyber attacks.


security starts with people
Risk Crew