More than 60% of personal data breaches reported to the Information Commissioner’s Office (ICO) this year were caused by human error, with healthcare the most-affected sector.

Figures obtained by data security solutions firm Egress via a Freedom of Information (FOI) request reveal that 4,856 breaches were reported to the ICO between 1st January and 20th June 2019.

Of those incidents, nearly half (43%) was the result of incorrect disclosure – made up of 20% posting or faxing data to the incorrect recipient, 18% emailing information to incorrect recipients or failing to use Bcc, and 5% providing data in response to a phishing attack.

The remaining 17% was due to data or wrong data shown in a client portal, failure to redact, incorrect disposal of paperwork, loss/theft of paperwork left in insecure location or verbal disclosure of personal data.

Healthcare topped the list of industries most likely to suffer a personal data breach, with the ICO reporting that 18% of all breaches were reported within the sector, compared with 16% within central and local government, 12% within education, 11% within justice and legal, and 9% within financial services.

WHY IT MATTERS

Tony Pepper, CEO of Egress, said: “The healthcare sector persistently tops the list when analysing the sectors affected by data breaches. This is very concerning, especially given the nature of the data. Why this particular industry continues to suffer from internal breaches is worrying and the sector must quickly take action to identify how it can work towards mitigating the insider threat.”

THE LARGER CONTEXT

In Verizon’s 2019 Data Breach Investigations Report, healthcare was the only industry in which the insider threat created more data breaches than external attacks, with 59% of data breaches being associated with internal actors.

According to Verizon, mis-delivery was the most common type of human error that led to data breaches, making up 15% of all data breaches affecting healthcare organisations.

ON THE RECORD

“These statistics are alarming. All too often, organisations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person,” said Pepper. “Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat.”