Why Cyberattacks are inherently a very human problem

In the last two years, RFA has been continuously participating in the conversation of digital transformation. This has been a main concern for clients and often our goal has been to help assist them on this journey to embracing a new hybrid model of working. These conversations have often been centred on cybersecurity defences and products and services that RFA can provide in order to ensure businesses are prepared for cyberattacks. Yet, whilst the world continues to accelerate along the path of digital transformation and firms continue to pump money into their technological defences, there is one key factor that is often forgotten – the human aspect to cybersecurity.

In a report published by the IBM Cyber Security Intelligence Index, it was recorded that human errors are the cause of 95% cyber security breaches globally. In Europe, human errors amount to 85% of cyber breaches. In 2020, IBM shared a report titled ‘The Cost of a Data Breach’, which revealed that the average cost of these errors amounts to $3.33 million. This is a very big number and very sobering. For businesses in the alternative investment sector such as hedge funds and private equity firms, this is a costly price to pay, especially for businesses that operate in the SME space. It can be a big expense that SMEs simply cannot afford, financially and reputationally.

Before diving deeper into the true cost of human factors in cybersecurity, I will first outline what these errors actually are. They can be events or actions carried out by staff in businesses that lead to a data breach. More often than not, such events arise due to negligence, a lack of awareness or understanding or quite simply, inappropriate levels of access control to data.

Humans make mistakes and the margin for error is huge. According to IBM, 45% of employees who have opened a phishing email stated that they were distracted, whilst 37% gave the reason for tiredness. 29% answered that they simply were not paying attention when they opened a phishing email. These statistics are not surprising in the development of hybrid working models. We cannot all be vigilant 100% of the time. CISO magazine has documented that 57% of remote workers have admitted to being distracted when working remotely. An employee’s vulnerability to human error can then be worsened due to being placed in high productivity and pace environments too. Whilst the reasons for human error can vary, they are not easy to resolve. It is a far cry away from fixing a faulty software product.

In order to address the inherent nature of what it means to be human, firms must understand that their cybersecurity defences start with people and not technology. Investing in cybersecurity training and education for employees will arm them with knowledge and make them cyber resilient.

There is no denying that cybersecurity threats are inherently human. In a world that is increasingly at threat of cybercrimes, it has never been more important to create cybersecurity training strategies or plans for employees. By offering cybersecurity to employees, they will have greater knowledge on how to successfully respond to a cyber attack, whilst also becoming more vigilant at the same time. This training can quite simply change the outcome of a business surviving financially after a security breach or not. Reach out to me, and we can talk about what your business needs to improve it’s cyber defences.