DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The largest cause of data security incidents is….. what?

Posted on May 8, 2015 by Dissent

The new BakerHostetler report on data security incidents says that human error was the largest cause of data security incidents, accounting for 36%. Their finding is consistent with the new Ponemon report that also puts employee error as the number one cause, at 39%

But then you read RBS’s report on 2014 breaches where they say that 67% of breaches were due to hacking, and maybe you scratch your head. And you read HealthITSecurity.com, who report that hacking is currently the leading cause of breaches in the health care sector, according to HHS’s breach tool.

So who’s right? Those who say that insider error is the biggest single factor, or those who say that hacking is?

The problem with HealthITSecurity.com’s statement can be explained by the way HHS codes incidents. It may be that the 30 of 92 incidents coded as “Hacking/IT incidents” could be mostly IT incidents such as exposure on the Internet due to human error. Then again, some of the “hacking/IT incident” numbers are currently inflated by the fact that the breach tool not only includes Anthem’s reported breach, but it also includes reports from entities affected by the Anthem breach (and presumably already included in Anthem’s numbers), thereby double-counting some incidents and records.  This blogger has frequently lamented the difficulties in using and making sense of the public breach tool due to its confusing coding and system.

As to the RBS report, well that may be a tad more complicated to explain. RBS includes hacks that show up on paste sites, and there are a lot of those. In contrast, small human error breaches generally don’t make the media and are not posted to paste sites. So there’s more information on hacks than on employee errors.  That’s just one factor to think about, and there are others that may also help explain why their estimates of hacking incidents may remain higher than other sources.

The differences in the findings are not unimportant, either. If an entity is trying to decide where to invest their security budget and resources, it may make a difference whether the biggest threats are inside or outside, right?

In the meantime, every time a new study comes out, I take a breath and wait for the headlines and bullet points from those who often haven’t drilled down into the sampling and methods used.  Then I just go throw up my hands and head for the coffee pot.

 

 

Category: Breach IncidentsCommentaries and Analyses

Post navigation

← Health Industry Can’t Protect Your Records from Hackers: Report
Singapore: New Advisory Guidelines and Resources Available →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.