'Threat actors': One-third of IT, security professionals attribute data breaches to human error
Human error remained the leading cause of data breaches in 2023, according to a new report, as cybersecurity incidents see a surge in the past year.
The 2024 Thales Data Threat Report revealed that 31% of IT and security professionals attribute data breaches to human error, remaining in the top spot for “threat actors” since 2022.
The findings validate fears from executives around the world that human error will be the cause of their next cybersecurity breaches.
Rahul Mahna, partner and head of Outsourced IT Services at EisnerAmper, previously urged employers to carry out regular training for staff to prevent such incidents from taking place.
"Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly," Mahna previously said.
Other threat actors to organisations include external attackers such as hacktivists and nation-state actors, according to the Thales report.
Malware also remained the top threat source across organisations in the past year. The report said cloud assets, including SaaS applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks.
Enterprises that were hit with ransomware attacks surged by over 27% in the past year, coming in second in the list of threat sources after malware. According to the report, eight per cent of enterprises ended up paying ransom demands.
Meanwhile, IT and security professionals said their major causes of concerns now include artificial intelligence (57%), Internet of Things (55%), and post quantum cryptography (45%).
The report from Thales, which surveyed 2,961 IT and security professionals from 18 countries across 37 industries, sheds light on how businesses are adapting their data security strategies and practices amid an evolving threat landscape.
"If there's one key takeaway from this year's study, it's that compliance is key," said Sebastien Cano, Senior Vice President at Thales Cloud Protection and Licensing, in a statement.
According to the report, 43% of enterprises failed a compliance audit in the past 12 months. Among them, 31% experienced a breach in the same year, much lower than the three percent who passed compliance audits.
"Companies that had a good hold over their compliance processes and passed all their audits were also less likely to suffer a breach," Cano said. "We'll start to see more compliance and security functions coming together. This would be a huge positive step to strengthen cyber defences and build trust with customers."