A new report has found that more than half of data breaches in the UK public sector are caused by human error.
The study, commissioned by 8Man and carried out by Govnewsdirect, found that 55% of all security breaches originate from someone with access to systems. The report said that data loss can be malicious but more often than not, it is accidental or the result of human error.
The report questioned around 600 respondents in public sector organisations and local authorities at the end of last year. Over two-thirds (68%) belonged to local authorities, healthcare and education; 28% of respondents were either at director or C-suite level, and 20% had either ‘information’ or ‘IT’ in their job title.
Nearly two-thirds (65%) had serious concerns regarding data security within their organisation, with ‘errors by staff’ and ‘simple loss of data’ being the most pressing.
Perhaps surprisingly, ‘denial of services by hackers’ was of least concern to those surveyed.
The report found that data loss through internal access was most readily explained by the extent to which data is owned by multiple stakeholders and users. Over four-in-ten (42%) believed there were more than 10 other data owners in their organisation.
The research was carried out in order to help public sector organisations gauge themselves against other organisations as the new General Data Protection Regulation (GDPR) across the 28 European Union member countries comes into force.
“Whilst no questions specifically relate to the new EU legislation, this reform needs to be the focus for all data protection managers and data owners,” said the report’s authors.
The GDPR will strengthen the rights of all EU citizens to ensure that their data is properly secured and not subject to loss, illegal use or transfer to third parties.
“The scale of the fines being considered, for the most serious cases of data breach or mismanagement, are so significant that it will change data protection from being an IT issue to also becoming a concern for directors. Although the fines may be substantial, they will be minor compared to the loss of business reputation,” the report added.