September 30, 2015
Human error remains the leading cause of data loss for UK organisations
New research suggests that human error is still the leading cause of data loss for UK organisations. According to the study from technology security firm Databarracks, based on responses from 400 IT decision makers, around a quarter (24 percent) of organisations admitted to a data loss caused by a mistake by employees over the last twelve months. Other high-scoring causes of data loss included hardware failure (21 percent) and data corruption (19 percent). Perhaps surprisingly, only a little over half of respondents (55 percent) had a specific disaster recovery plan in place and another 15 percent intended to create one over the next twelve months. This is in spite of the fact that a quarter (25 percent) of those surveyed admitted they had been subject to a cyber attack in the preceding year. As we reported this week, such attacks now cost the UK some £200 billion each year.
Oscar Arean, technical operations manager at Databarracks, elaborated on the results: “Human error has consistently been the biggest area of concern for organisations when it comes to data loss. People will always be your weakest link, but having said that, there is a lot that businesses could be doing to prevent it, so we’d expect this figure to be lower. The results weren’t consistent across all organisations though. When we broke the results down by business size, we saw that for the second year in a row, it was actually hardware failure that led to the most data loss for large organisations at 31 percent (up from 29 percent in 2014).
“This isn’t surprising as most large organisations will have more stringent user policies in place to limit the amount of damage individuals can cause. Secondly, due to the complexity of their infrastructure, and the cost of maintaining it, large organisations may find it more difficult to refresh their hardware as often as smaller organisations, so it’s inevitable at some point it will just give out.”
Arean goes on to suggest that SMEs should adopt more of a big business ethos when it comes to managing human error: “The figures we’re seeing this year for data loss due to human error are too high (16 percent of small businesses and 31 percent of medium businesses), especially considering how avoidable it is with proper management. I think a lot of SMEs fall into the trap of thinking their teams aren’t big enough to warrant proper data security and management policies, but I would disagree with that.
“In large organisations, managers can lock down user permissions to limit the access they have to certain data or the actions they’re able to take – this limits the amount of damage they’re able to cause. In smaller organisations, there isn’t always the available resource to do this and often users are accountable for far more within their roles. That is absolutely fine, but there need to be processes in place to manage the risks that come with that responsibility.
“Of course small organisations don’t need an extensive policy on the same scale that a large enterprise would, but their employees need to be properly educated on best practice for handling data and the consequences of their actions on the business as a whole. There should be clear guidelines for them to follow.”