When one adds malice, the 2015 Verizon Data Breach Investigations Report (DBIR) attributes 90% of security incidents to the human element:
- Miscellaneous Errors, 29.4%
- Crimeware, 25.1%
- Insider Misuse, 20.6%
- Physical Theft/Loss, 15.3%

While most IT and executive personnel rightfully direct most blame at end-users, the 2015 DBIR also noted that system administrators were the primary actors responsible for about 60% of errors made by internal staff (“Miscellaneous Errors”) for confirmed data breaches.
So how does an enterprise mitigate risks due to the human element? Neither policy, process, technology, nor readiness alone will suffice. Success requires excellence in all four dimensions, which means continually striving toward advanced security maturity. The latest hyped super widget will never fix the human element. If you do not have a credible sense of your organization’s security maturity level and how it will move to the next level, then you will never succeed in mitigating risks due to the human element.
Original article in CIO magazine, by Warren Neuburger, "What Keeps IT Up at Night Part 1 - The Human Element"