Almost two thirds (65%) of respondents to a Twitter poll said that humans pose the greatest threat to the security of data. Furthermore, more than a quarter, 27%, said that they have either lost, misplaced or had a device stolen that had sensitive corporate information stored on it.
One in five respondents admitted to breaching corporate data protection policies and one third said they were not aware of any such policies in their company.
Just 13% said they believe that unintentional human error is a risk. In regard to personal data, technology was seen as a threat by 35% of respondents. The poll attracted 12,527 respondents and was hosted on social media poll by security hardware company Apricorn.
This data, is not wholly representative as it relies on self-reporting from a sub-section of technology users. However it still corroborates the findings of data security incident reports received by the ICO.
Through a Freedom of Information request by Kroll, it was revealed that 2,124 data security incident reports could be attributed to human error, while just 292 were down to deliberate cyber incidents.
Of the total number of incident reports (2,416) 19% were attributed to sending confidential information to the wrong recipient, 18% were down to the loss or theft of paperwork and 7% were caused by data being left in an insecure location.
Furthermore, according to the International Association of Privacy Professionals, a US-based membership association, the vast majority of data breaches between 2016 and 2017 were mistakes.
Just 6.2% of data breaches were intentional and malicious, 9.1% were intentional but not malicious and a whopping 84.7% were unintentional or inadvertent.
According to the Verizon 2018 Data Breach Investigation Report, there are measures that organisations should consider. They should bring in two-factor or multi-factor authentication for anyone who administers web applications or databases, monitor usage and investigate large spikes in usage that could indicate something nefarious is taking place, and implement a checklist for general security on a regular basis.