95% of Data Breaches Tied to Human Error in 2024 – Source: www.infosecurity-magazine.com

Human error contributed to 95% of data breaches in 2024, driven by insider threats, credential misuse and user-driven errors, according to a new study by Mimecast.

A small fraction of employees contributed disproportionately to these security incidents, with just 8% of staff accounting for 80% of incidents.

The report highlighted several high-profile incidents in the past year that were linked to human error. This included the Change Healthcare ransomware attack, in which an employee’s credentials were compromised through a phishing email, enabling the threat actors to gain access to the network.

Nearly half (43%) of respondents reported seeing an increase in internal threats or data leaks initiated by compromised, careless or negligent employees in the past 12 months. Additionally, 66% expect to see data loss from insiders growing over the coming year.

Security decision-makers surveyed said insider-driven data exposure leaks and theft events cost an average of $13.9m to the organization.

Most (87%) organizations said they train their employees to spot cyber-attacks at least once a quarter. Despite this, 33% fear mistakes and human error in handling of email threats by employees, while 27% are concerned that employee fatigue is causing lapses in vigilance.

Most Organizations Use AI to Defend Against Attacks

The report found that 95% of organizations are using AI to help defend against cyber-attacks and/or insider threats.

Conversely, over half (55%) of respondents admitted they are not fully prepared with specific strategies to deal with AI-driven threats.

Additionally, 81% were concerned about the potential for sensitive data leaks via GenAI tools.

While 85% of respondents revealed their organization’s cybersecurity budget has increased in the last 12 months, 57% said that additional budget is required for cybersecurity staff and third-party services (57%), collaboration tool security (52%) and email security (47%).

The survey highlighted concerns about collaboration tools expanding the attack surface, with 79% agreeing that the use of such tools poses new threats and security loopholes.

Collaboration tools are designed to help people communicate and coordinate on projects, with examples including Slack and Zoom.

Nearly half (44%) of respondents reported an increase in threats from these tools in the past 12 month, while 61% said it is inevitable or likely that their organization will suffer a negative business impact from an attack linked to a collaboration tool in 2025.