For HomeFor BusinessFor Partners
Business Insights
4 min read

Human error identified as the #1 reason behind most cyberattacks

Filip Truta

January 16, 2018

Human error identified as the #1 reason behind most cyberattacks

A survey of 612 Chief Information Security Officers suggests CISOs have a tough road ahead in an ongoing climate of high-profile data breaches.

The survey, sponsored by Opus and conducted by Ponemon Institute, shows 67% of CISOs and Chief Information Officers (CIOs) believe their companies will likely fall victim to a cyberattack or data breach in 2018. And 60% are concerned that a partner or vendor will be to blame.

The most threatening factors named by CISOs, in this order, are:

  • The human factor (70% cited "lack of competent in-house staff")
  • Inadequate in-house expertise (cited by 65% of respondents)
  • Careless employee falling for a phishing scam (65% chance)
  • A malware attack, a data breach or a cyberattack (unspecified percentage)
  • Inability to protect sensitive and confidential data from unauthorized access (59%)
  • Inability to keep up with the sophistication of the attackers (56%)
  • Failure to control third parties' use of sensitive data (51%.)
  • Disruptive technologies – i.e. Internet of Things (IoT) devices (60% of respondents considered these the most challenging to secure)
  • Mobile (54%)
  • Cloud (50%)

As readers may have already noticed, the first three bullet points actually represent the same factor: human error. Many other studies also point to the same key factors (in a similar order of importance) as responsible for most data breaches and cyberattacks.

And CISOs should know. Starting this year, their job depends on jumping over these hurdles. 45% of them fear job loss in the event of a data breach this year, and 69% anticipate their roles will be even more stressful.

The survey results don’t mention the EU General Data Protection Regulation, but the GDPR is likely a key reason behind these concerns. Starting May 25, when the new regulation goes into effect, the GDPR will compel data processing companies to protect that data, or else.

Money could be another reason. According to the same poll, less than half of CISOs believe their IT security budgets will increase – a finding that constantly crops up in such studies since 2016.

"It's not an easy time to be a CISO – there's a lot of pain obvious in these survey results,” said Dr. Larry Ponemon, Chairman of Ponemon Institute. “Data breaches and cyberattacks continue to plague organizations and the responsibility of protecting sensitive data stops with the CISO. It's critical that companies support CISOs and reduce risk by implementing standard processes, including policy review and documentation, senior leadership and board member oversight, as well as other safeguards to reduce their vulnerability."

It's not all bad news, though. Looking ahead, more than a third of respondents say they “see a path” to a stronger cybersecurity culture, and half say their boards are starting to get more involved in IT security.

tags

Business Insights

Author

Filip Truta

Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

View all posts

Right now Top posts

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Ransomware Threat Research Threat Intelligence

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again

November 13, 2024

Bitdefender Threat Debrief | November 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | November 2024

November 07, 2024

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Bitdefender Threat Debrief | October 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | October 2024

October 10, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Enterprise Security Endpoint Protection & Management

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Bitdefender Enterprise

November 21, 2024

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Enterprise Security Endpoint Detection and Response

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Jade Brown and Nikki Salas

November 20, 2024

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Enterprise Security Endpoint Protection & Management Endpoint Detection and Response

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Daniel Daraban

November 19, 2024

Bookmarks

loader