Human error is the leading cause of data breaches, a new report reiterates, so early detection should be IT managers


More evidence that employee negligence is security risk No. 1

What: The BakerHostetler Data Security Incident Response Report.

Why:  Thirty-six percent of data security incidents handled last year by the BakerHostetler  law firm were due to employee negligence, making it the leading cause of security incidents.  According to the firm's newly released report, other causes were outsider and insider theft, malware and phishing attacks.

While no industry is immune from security threats, the healthcare sector appears to be taking the hardest hit, though that may be attributable to the industry’s data breach notification requirements. Other affected sectors include education, financial services, retail, insurance, technology, entertainment and hospitality. The study measured severity by number of affected individuals, with professional services and retail/hospitality services topping the list, and healthcare and government not too far behind.

This survey shows that “companies cannot eradicate security risk solely through the use of better technology,” the report authors said.  Technical security solutions do not stop employees from being phished, nor prevent IT staff from failing to review logs or improperly configuring servers.

Developing stronger detection capabilities and shortening detection time is crucial to avoiding third-party breaches, financial consequences and public explanations. IT managers can use forensic data  to break down what happened and limit the scope of damage. The report also suggests implementing security training and awareness to policies and procedures, having an incident response plan ready and working with security consultants to conduct necessary assessments.

Take away: “Our analysis shows that best-in-class cyber risk management starts with awareness that breaches cannot be prevented entirely, so emphasis is increasingly on defense-in-depth, segmentation, rapid detection and containment, coupled with ongoing effort to monitor threat intelligence and adapt to changing risks,” said BakerHostetler's Craig Hoffman.

Get more:

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected