According to a recent study by Mimecast, human error played a significant role in 95% of data breaches in 2024. Insider threats, credential misuse, and user-driven errors were identified as key factors contributing to these security incidents. The study revealed that a small percentage of employees, only 8% of staff, were responsible for 80% of the breaches.
One high-profile incident mentioned in the report was the Change Healthcare ransomware attack, where an employee fell victim to a phishing email, leading to compromised credentials and unauthorized access to the network. This highlights the potential impact of human error on cybersecurity.
The study also found that 43% of respondents reported an increase in internal threats or data leaks caused by compromised, careless, or negligent employees over the past year. Furthermore, 66% of participants anticipate a rise in data loss due to insider threats in the upcoming year.
Organizations are investing in training programs to educate employees on spotting and preventing cyber-attacks. Despite this effort, 33% of respondents expressed concerns about mistakes and human error in handling email threats, while 27% worried about employee fatigue leading to lapses in vigilance.
Interestingly, the study revealed that 95% of organizations are utilizing artificial intelligence (AI) to bolster their defenses against cyber-attacks and insider threats. However, more than half of the respondents admitted to not having specific strategies in place to handle AI-driven threats effectively.
Concerns were also raised about the potential for sensitive data leaks through GenAI tools, with 81% of participants expressing apprehension about this emerging risk. Although cybersecurity budgets have increased for 85% of organizations in the last year, many believe that additional funding is necessary for cybersecurity staff, third-party services, collaboration tool security, and email security.
The survey highlighted worries about the growing attack surface presented by collaboration tools like Slack and Zoom. A staggering 79% of respondents acknowledged that these tools introduce new threats and security vulnerabilities. Nearly half of the participants reported an uptick in threats from collaboration tools in the past year, and 61% believe that their organization is likely to suffer a negative business impact from an attack linked to these platforms in 2025.
In conclusion, while organizations are ramping up their cybersecurity efforts and leveraging AI technology to combat threats, the human element remains a critical factor in data breaches. Continued training, robust strategies, and increased awareness are essential to mitigate the risks posed by insider threats and human error in the ever-evolving cybersecurity landscape.