Tangible In the News

CIO, September 9, 2015, Among four cybersecurity experts asked ‘What keeps IT up at night’, Tangible Security’s Joshua Crumbaugh, Director of Penetration Testing, pointed to human errors.

When one adds malice, the 2015 Verizon Data Breach Investigations Report (DBIR) attributes 90% of security incidents to the human element:
  • Miscellaneous Errors, 29.4%
  • Crimeware, 25.1%
  • Insider Misuse, 20.6%
  • Physical Theft/Loss, 15.3%
The above figures pertain to security incidents (79,790), only a subset of these are classified as confirmed data breaches (2,122). The primary actors responsible for the vast majority of security incidents are end-users.

While most IT and executive personnel rightfully direct most blame at end-users, the 2015 DBIR also noted that system administrators were the primary actors responsible for about 60% of errors made by internal staff (“Miscellaneous Errors”) for confirmed data breaches:
  • MisDelivery, 30.6%
  • Publishing Error, 17.1%
  • Disposal Error, 11.9%


  • So how does an enterprise mitigate risks due to the human element? Neither policy, process, technology, nor readiness alone will suffice. Success requires excellence in all four dimensions, which requires forever striving for advanced security maturity. The latest hyped, super widget will never fix the human element. If you do not have a credible sense for your organization’s security maturity level and how it will move to the next level, then you will never succeed in mitigating risks due to the human element.

    Original article in CIO magazine, by Warren Neuburger, "What Keeps IT Up at Night Part 1 - The Human Element"