50% of the cases of data breaches take place due to human error

May 31, 2019


Data breaches are a commonly reported form of cyber-heist that has led to the collapse of many organizations. A data breach, also known as a data leak or data spill, is unauthorized access to information, through which attackers copy, transmit or steal that information. Organizations have collapsed and businesses have been wiped out of the market, all because of data breaches.

According to the Ponemon Institute's data breach study, 50% of data breaches are a result of human error. In January alone, 1.77 billion records were leaked. In the United States alone, 227 million cases of data breach were reported during the period from January 2005 to May 2008.

In 2006, 28.6 million records belonging to reserve, veteran and active-duty military personnel were leaked.

In 2008, Countrywide Financial fell victim to a data breach when an employee sold the personal information of approximately 2.5 million customers, including their social security numbers.

The United Kingdom parliamentary expenses scandal occurred in 2009 and resulted in the leak of information related to the allowances and expenses permitted to Members of Parliament (MPs).

In April 2011, Sony became the victim of a data breach in its PlayStation Network division when its approximately 77 million users were compromised.

In July 2017, Equifax became the largest victim of a data breach in the history of cyber attacks with around 145.5 million affected customers.

In October 2017, North Korean hackers allegedly stole 235 gigabytes of United States-South Korea classified military documents.

In December 2018, Quora suffered a data breach that affected 100 million users.

How do data breaches affect organizations?

According to the statistics, it takes on average around 197 days to detect a data breach and around 69 days to contain it.

The foremost after-effect of a data breach is the financial loss to the organization. According to IBM, the average cost of a data breach is $3.86 million. The average cost per lost or stolen record in a data breach is $148. In the U.S. alone, the cost of business lost after a breach is around $4.2 million.

The statistics are enough to forewarn organizations that these figures will only change for the worse. Cybercriminals are becoming more sophisticated in their approach to targeting victims. From basic phishing emails to file-less malware attacks, attack methodologies are becoming more advanced and harder to detect.

In around 88% of the companies that have more than 1 million folders, 10% of the folders are accessible to every employee. Over 57% of companies have 1,000 folders with inconsistent permissions.

How can organizations secure themselves against such cases of data breaches?

  1. Conduct security audits, which are an effective method of preventing future data breaches.
  2. Conduct periodic training for employees so that they can identify probable cyber-attacks.
  3. Monitor and track the transfer of data in order to guard against data exploitation.
  4. Update software and patch unattended vulnerabilities.
  5. Formulate policies that ensure data protection.

Data breaches can occur either intentionally or by accident. Unauthorized access to a computer system or a virus-infected system are cases of intentional data breaches. In the case of an unintentional data breach, an employee snoops on the data and discloses it further. Data breaches can be caused by either an internal or an external threat.

An external threat can include a cyber-attack such as a ransomware attack, a phishing attack or even malware, any of which can lead to a successful data breach. Mishandling of data by a third-party vendor, or a negligent employee being careless about the security of data, can also lead to a breach. Internal threats are mostly caused by the negligence of employees. It is, therefore, important to ensure that your employees are ready to face such attacks in real life.




Threatcop is a cybersecurity company that provides security solutions to businesses to protect them against email-based attacks and social engineering attacks.