Phishing and human error are identified as the primary drivers of data breaches, according to a recent survey.
A newly released survey indicates that 69% of companies in the UK reported breaches to the Information Commissioner’s Office (ICO) within the last year, representing a significant increase from 53% in 2024.
Conducted by Apricorn, the research reveals that nearly half of remote employees admitted to jeopardizing data security.
Drawing from responses provided by 200 IT security leaders in the UK, the study highlights phishing as the predominant cause of breaches, closely followed by human mistakes. Notably, 58% of organizations perceive that their staff lack the necessary tools or skills to effectively safeguard sensitive information, despite the proliferation of remote work policies.
The reliance on personal devices for work purposes has surged to 56%, while only 19% of organizations enforce the use of company-issued hardware. This trend raises significant concerns surrounding endpoint security, data oversight, and adherence to GDPR regulations in hybrid work settings.
Challenges in technical support and ambiguous encryption practices are pressing issues, with nearly half of the respondents reporting increasing difficulty managing technologies associated with remote work. Jon Fielding from Apricorn emphasized the need for a more robust connection between documented policies and effective security actions to mitigate breaches.
Interested in learning more about the intersection of AI, technology, and digital diplomacy? If so, consult our Diplo chatbot!
The survey’s findings underscore the heightened risks faced by organizations in the UK, presenting a cautionary tale for U.S. counterparts. Business owners must recognize that the methods employed by adversaries often conform to established tactical frameworks, such as those delineated in the MITRE ATT&CK Matrix. The frequent reliance on phishing techniques points to the initial access stage of attacks, where attackers exploit human vulnerabilities.
Moreover, the emphasis on human error highlights potential gaps in user training and awareness, correlating with challenges in achieving a persistent security posture and privilege escalation. As businesses navigate evolving remote work environments, they must prioritize the implementation of comprehensive security measures tailored to counter the tactics that adversaries continue to leverage.
In addition, organizations should consider the implications of increasing personal device usage, particularly as it pertains to endpoint security and data visibility. Business owners can no longer underestimate the risks posed by human factors, nor should they disregard the efficacy of targeted training and robust technical support structures.
In conclusion, proactive engagement with cybersecurity practices is paramount for safeguarding sensitive data against the backdrop of rising breach incidents. As documented by this survey, the landscape of data security continues to evolve, emphasizing the urgent need for organizations to adapt their strategies accordingly.
