Human errors account for 60% of all cyber-attacks

07 April 2020 Consultancy.uk

New research from Gallagher suggests that the majority of cyber-attacks in the UK exploit human error – but while this element is impossible to eliminate, many firms are failing to protect themselves in basic ways. Less than one-in-four firms have consulted external experts on tailoring their cybersecurity offering.

According to an Accenture report in collaboration with the World Economic Forum, between 2019 and 2023, approximately $5.2 trillion in global value will be at risk from cyber-attacks, creating an on-going challenge for corporations and investors alike.

Now, new research amongst 1,000 UK business leaders has further confirmed that cyber issues are having a major impact on UK businesses – often costing much more than the immediate value of data stolen. Analysis from Gallagher found that while 14% of firms said cyber-attacks had impacted them in this way, a similar 14% said they had taken a reputational hit – something which in the long-run could cost them valuable customers – and 12% said it had a financial impact, possibly relating to fines. The EU General Data Protection Regulation (GDPR), for example, now means a data breach could bring a huge fine with it.

Cybersecurity used by UK businesses

Employees seem widely to be regarded as a weak link for most firms’ cybersecurity efforts. Seventy-one percent of business leaders say they worry about human error causing a cyber-issues, while 64% say they regularly remind employees about the risk cyber-crime presents. This is understandable as according to Gallagher, among businesses who have experienced a cyber-issue, 39% said breaches related to malware where an employee clicks on fraudulent link. A further 35% said staff had been caught out by a phishing emails.

Despite the huge cost of cyber-breaches and the fact many bosses worry about their employees’ ability to prevent them, however, the majority of UK businesses rely on off-the-shelf technology to safeguard themselves. Just 39% have consulted with external experts on how to tailor their cybersecurity measures – potentially offering criminals a way into their digital operations.

Commenting on the findings, Tom Draper, Head of Cyber at Gallagher, said, “Cyber criminals have become increasingly sophisticated with ways of trying to obtain access to data or a company’s system and it’s hard to remove the risk of human error entirely… However, by businesses taking a comprehensive, multi-layered approach to cybersecurity – including ensuring they have the appropriate insurance in place, establishing effective training programmes for employees and implementing technologies that secure the most sensitive data – they can save both money and resources in the long run...”