
Cyber breaches and the true cost of human error

We’ve recently seen more big news stories circulating about data, and of course we all understand the premise of what data is and the sort of damage it can do – particularly where sensitive data about identifiable people is revealed online. The fallout from these stories rains down from several different angles.

  • Releasing personal data, particularly email addresses or even hashed passwords, can mean unauthorised access to your personal or your business’s information
  • Personal data might give leverage to people or groups of people looking to extort you or hold you to ransom
  • There is the cost of simply informing the data subjects and protecting them in the future, for things like credit

But it’s not just this. We’ve only just heard of an information breach affecting potentially high-target data subjects, one that is more analogue than ever, in which the names and addresses of people have been released. Armed with information such as addresses, a perpetrator may not even need to use a computer to pursue a data subject. The most current data breach comes before the ripples of the MOVEit attack had begun to form, with OFCOM, and even the public via polling data, among the most recent victims.

Interestingly, these two attacks are somewhat different in their construction. Although we cannot be sure, the MOVEit attack appears to be an external threat gaining entry and access via malicious software, and it is suspected to have taken place over the course of more than a year. It is defined by industry insiders as a “complex cyberattack”.

On the other hand, the latest of the two attacks appears to have no malicious intent. It arose out of a freedom of information request, in response to which a database that should not have been released was published on the internet in error. The good news is that it appears that no person’s address was shared.

The major difference between these two events, however, is that one is a sophisticated and orchestrated attack. It took a long time, it probably required experts and funding, and it is sufficiently complex that it has bamboozled many of those investigating it. The other did not require any time, skill, or funding – it was simply an accident, a human error.

Attacks and data breaches can come from so many different sources – which is more than enough evidence to reinforce the importance of cyber insurance. From the simplest, accidental release of the wrong spreadsheet, all the way through to a co-ordinated, funded and planned attack, the common theme is that businesses can indeed manage their risk, pay attention to staff training, and implement the security protocols recommended by insurers.

Of course, there’s no guarantee that all of this will keep your data safe. However, the frequency of cyber losses is increasing, and you want to make yourself a harder target, from both the inside and out.