Philip Bridge writes:
[…]
The Information Commissioner’s Office (ICO) has been keen to change the perception that a data breach can only occur through the actions of someone outside the organisation. Instead, it defines a breach as “any event that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”
Accidents are more prevalent than many think. One survey found that the accidental deletion of information was the leading cause of data loss, driving 41% of cases – far above malicious hacking. Even if there is an attacker from outside the organisation behind a breach, human errors that have resulted in failed data backups could mean the company is without vital event log information that would articulate where the attack originated.
Read more on GRC World Forums