Data Breach Management – Human Error

Introduction to Data Breach Causes


Data breach management is a constantly evolving field as the various technical aspects evolve, including new technologies implemented by organisations, as well as new cyberattack strategies by bad actors seeking to exploit those technologies. One risk factor has always remained the same, however, and depending on how clued in you are on the topic of data breaches, it might come as a surprise to learn that one of their leading causes isn’t flaws in the technology itself, but in fact, human error.


Studies from Verizon and Stanford University have suggested that as much as 82 – 88% of data breaches are caused by, or attributed to, an employee mistake or error. Similar research from IBM Security put this figure as high as 95%. Additionally, the Thales Data Threat Report surveyed organisations that had recently suffered a cloud data breach, and 55% of respondents identified human error as the primary cause.


So, what specifically causes data breaches? What are some of the ways that malicious third parties can gain unauthorised access to information they shouldn’t? And what can be done to try and prevent these incidents and improve an organisation’s data breach management strategy?

Be on the lookout for ‘typosquatting’


Just recently, it was revealed that the US military had suffered a huge data breach from a simple misspelling in an email suffix, which had been ongoing for years.


A professor at Syracuse University has highlighted this issue as one that individuals should be aware of. There’s a common cyber-crime called ‘typosquatting’ (also known as URL hijacking), where criminals will create their own malicious site under a slightly misspelt domain name, either by incorporating their own barely noticeable typo, or taking advantage of an accidental misspelling by the target.


For example, users may be tricked into visiting a site with the domain “”, that disguises itself as the real Microsoft website. These fake sites can then be used to intercept passwords and install malware on a visitor’s device, among a variety of other concerning ways ‘cyber-squatters’ will use typosquatting.

The dangers of human error

In February of 2023, the NHS suffered a data breach that leaked information linked to an estimated 14,000 employees via email. This unfortunate event was also down to – you guessed it – human error.


The forms that human error takes in cybersecurity vary greatly, from forgetting to update security software to leaving a device unlocked in a public space. All it takes is a simple mistake – a minor slip-up – to snowball into a catastrophic leak of sensitive and confidential information. Understanding why and how these errors occur will help to prevent these sorts of mistakes from happening before they turn into data breaches.


In the earlier mentioned study, Stanford University found that:


  • Nearly 45% of respondents cited distraction as the top reason for failing a phishing scam.
  • 57% of remote workers surveyed admitted that they were more distracted when working from home.


These results suggest that many of the mistakes made by employees are simply down to a brief lack of focus or a momentary lapse in judgement. Only by ensuring that their work environment is appropriate and distraction-free can staff remain alert and wary of the malicious attacks that result in data breaches far too often.

Managing the risks


Unfortunately, solving human error doesn’t have a quick fix, and organisations will instead need to actively and consistently help employees understand how these data breaches can happen and why due diligence is so vital.


One key thing that organisations can do is provide regular training on cybersecurity and data protection. According to the Advanced Computing Systems Association, companies should host cybersecurity training every four to six months. Training should be as accessible as possible, making it easier for employees to digest and increasing the likelihood of it being taken on board and remembered when it counts.


Data breach logs are an absolute must when dealing with data breaches. Organisations must keep a record of all personal data breaches in an inventory log, which requires the inclusion of:


  • The facts surrounding the breach.

  • The effects of the breach.

  • Remedial action taken following the breach.


This ensures that future investigations will have all the relevant facts, and that the organisation can review its history of breaches to spot patterns and implement remedial measures to prevent them in the future.


At DPAS, we have our own comprehensive data breach reporting form that we can share with you. We can also advise you on the use of data breach reporting tools, such as Responsum, a software which manages your data security, including handling incidents and breaches.

Key take-aways


So, what can we learn from this? 


Though important, having the best security features you can buy won’t be enough to stop data breaches from happening. In order to successfully mitigate the risk of a data breach, it’s important for organisations and businesses to:


  • Implement regular and effective cybersecurity and data protection training to its employees.
  • Log breaches, detailing the nature of the breach and the actions taken.
  • Liaise with the ICO, where appropriate.


Despite the varying figures across data breach studies, there is no denying that human error is a leading contributing factor, and these statistics demonstrate a huge importance that must be placed on appropriate procedures and training so that these errors are much less likely to occur.


Want to check if your data has been leaked in a data breach? Find out at ‘Have I Been Pwned’.

Our work for Devon County Council


One of our numerous satisfied clients is Devon County Council.


They came to us as part of their data breach management and remediation strategy, to conduct a root cause analysis to investigate a heavy increase in data breaches since the first lockdown in April 2020. These data breaches posed significant risk to the rights and freedoms of service users, and, like any breach of personal information, couldn’t be taken lightly.


Devon’s initial analysis was that the cause was down to human error. For a more thorough and specific examination, they approached DPAS for assistance. They did so hoping for expert advice and lessons to learn going forward so that this can be better prevented in the future. We also provided them with a detailed report of the incident and recommended remedial action to get the situation back under control.


To read about how we used a causation analysis method to break down each incident, carried out our investigation in a three-stage process, and identified building blocks to implement a remediation strategy, you can read our full case study on our website.


This was a classic example of human error-caused data breaches, but nothing that DPAS couldn’t help with.

We can help with data breach management


Has your organisation suffered a data breach? Or if not, are you worried about what might happen if it does?


At DPAS, we offer emergency data breach help, advice and remediation services where we can assist you in:


  • Investigating your data incidents & data breaches by conducting a root cause analysis.
  • Implementing a procedure for the management and investigation of data breaches / incidents.
  • Providing assistance to stop a data breach / incident, and addressing it to minimise potential harm to data subjects (and your organisation).


…and much more.


Learn the details by clicking here.


If you’d like to talk to us more about how we can help, either give us a call on 0203 3013384, send us an email at, or simply fill in our contact form and we’ll get in touch with you.

related posts

Get a Free Consultation