'More than half' of security breaches in public sector caused by human error

Written by Rene Millman on 4 February 2016 in News

A new report has found that more than half of data breaches in the UK public sector are caused by human error.

The study, commissioned by 8Man and carried out by Govnewsdirect, found that 55% of all security breaches originate from someone with access to systems. The report said that data loss can be malicious but more often than not, it is accidental or the result of human error.

The report questioned around 600 respondents in public sector organisations and local authorities at the end of last year. Over two-thirds (68%) belonged to local authorities, healthcare and education; 28% of respondents were either at director or C-suite level, and 20% had either 'information' or 'IT' in their job title.

Nearly two-thirds (65%) had serious concerns regarding data security within their organisation with ‘errors by staff’ and ‘simple loss of data’ being the most pressing.

Perhaps surprisingly, ‘denial of services by hackers’ was of least concern to those surveyed.

The report found that data loss through internal access was most readily explained by the extent of data being owned by multiple stakeholders and users. Over four-in-ten (42%) believed there were more than 10 other data owners in their organisation.

The research was carried out in order to help public sector organisations gauge themselves against other organisations as the new General Data Protection Regulation (GDPR) across the 28 European Union member countries comes into force.

“Whilst no questions specifically relate to the new EU legislation, this reform needs to be the focus for all data protection managers and data owners,” said the report’s authors.

The GDPR will strengthen the rights of all EU citizens to ensure that their data is properly secured and not subject to loss, illegal use or transfer to third parties.

“The scale of the fines being considered, for the most serious cases of data breach or mismanagement, are so significant that it will change data protection from being an IT issue to also becoming a concern for directors. Although the fines may be substantial, they will be minor compared to the loss of business reputation,” the report added.
