Data loss affected four out of five organizations as careless users do damage

News
By published

“Careless users” are the number one cause of data leaks, a new report suggests.

VPN Tunnel
Image Credit: Pixabay (Image credit: voyager624 / Shutterstock)

Four out of five organizations around the world (85%) suffered at least one data loss incident last year, a report from cybersecurity researchers Proofpoint claims - adding that most of the time, it’s not the computers’ fault - it’s ours.

The company's research explored how current approaches to data loss prevention (DLP) are holding up against macro challenges.

According to the report, data loss is usually the result of poor interactions between humans and machines. “Careless users” are much more likely to cause data incidents, than compromised or otherwise misconfigured systems.

The human factor is again to blame

Proofpoint further claims that many organizations are happy to invest in DLP solutions, but these investments are “often inadequate”. Of all the organizations that suffered a data loss incident, almost nine in ten (86%) faced negative outcomes, such as business disruptions, or revenue losses (reported by more than half - 57% - of affected firms). 

“Careless, compromised, and malicious users are and will continue to be responsible for the vast majority of incidents, all while GenAI tools are absorbing common tasks—and gaining access to confidential data in the process,” commented Ryan Kalember, chief strategy officer, Proofpoint. “Organizations need to rethink their DLP strategies to address the underlying cause of data-loss—people’s actions—so they can detect, investigate, and respond to threats across all channels their employees are using including cloud, endpoint, email, and web.” 

Misconfigured databases - incidents in which employees, for example, forget to set up a password for a major database, are one of the most common causes of data leaks.

Over the years, we’ve witnessed millions of people lose their sensitive information that way, including an unprotected database holding sensitive information on the entire population of Brazil. Another example is a recent BMW security error that resulted in the leak of sensitive information belonging to its customers.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.