
Study: Human error causes data breaches

5/8/2015

New York - Human error was the number one cause of data security incidents in 2014. According to a new report released by the Privacy and Data Protection Team at BakerHostetler, in the incidents that the firm worked on in 2014, employee negligence was responsible 36% of the time.



That was followed by theft by outsiders (22%), theft by insiders (16%), malware (16%) and phishing attacks (14%). Incidents were self-detected 64% of the time. Of the incidents reported by a third party, 27% were due to theft.



For incidents that involved identifiable dates of detection and notification, the average amount of time that elapsed from incident occurrence to detection was 134 days.



Among the other notable statistics in the report are:



• Not all security lapses involved the theft or hacking of electronic records. Of the incidents included in the report, 21% involved paper records.



• 58% of the incidents required notification of affected individuals – based on state breach notification laws.



• Credit monitoring was offered in 67% of the incidents.



• In 75 incidents where notification letters were mailed, only five of the companies faced litigation by potentially affected individuals.



• Attorneys General were notified in 59 cases, resulting in inquiries 31% of the time. Multi-state inquiries were initiated less than 5% of the time.



• For incidents involving stolen payment card data, PCI Data Security Standards fines for non-compliance ranged from $5,000 to $50,000 per matter. Initial demands for operating expense and fraud assessments ranged from $3 to $25 per card involved.

