People are the weakest link in data breaches, but can they be held accountable?

In the people-process-technology triad, human error is the top reason for breaches, accounting for 70% of successful attacks, a Cyberinc survey reveals. The next biggest cause is vulnerability management through patches and upgrades, accounting for just 14% of successful attacks.


Securing remote users is top priority

The report also shows that more than 60% of respondents said that securing remote users is their top security priority in 2021, and roughly three-fourths of individuals indicated that their organization is unable to keep up with the increasing volume of cyber alerts. At the same time, only one in six respondents expressed confidence in their organization’s current security investments.

These findings are in line with other research showing that, even with more investment in enterprise security programs, the cost to business from successful breaches and attacks continues to worsen.

A recent report shows that despite a 10% increase in security spending, the number of breaches in 2020 set a record, hitting a level greater than the previous 15 years combined. Additionally, IBM’s recent report states that the average total cost of a data breach was $3.86M in 2020.

Verizon’s report says that nearly three and a half percent of users will still click on a malicious link in a phishing email, no matter what, showing that investments in increasing employees’ cyber awareness and education can help but cannot stop organizations from potentially losing millions of dollars to hackers.

Cybersecurity is not the average employee’s job

These statistics underscore the importance of putting in place new processes and technologies to protect organizations from a problem that will likely persist, given that cybersecurity is not the average employee’s job.


“It’s simply not realistic to expect that employees can make the right judgment call on the credibility of a potentially malicious email,” said Nirav Shah, COO of Cyberinc.

“We see examples all the time where individuals unknowingly click on something that looks legitimate and cause their organization to be a victim of a costly malware attack. But it’s not their fault. Mistakes are human nature. Securing the click without burdening the user is the job of the security stack. The user should only be concerned about operating the business.”

“Protecting the click by remotely isolating it and ensuring the end user is safe from risky content is a significant step toward protecting users and organizations at large,” he continued.

“Rooted in zero trust, remote browser isolation is critical technology that blocks nearly 90% of successful attacks before they are weaponized and can cause damage, and can save companies millions of dollars in ransomware, credential theft, and other damaging attacks.”
