What are the leading causes of data security breaches?
By Jayleen R. Heft, PropertyCasualty360.com
Data breaches continue to make big news. One of the latest trends is an increase in ransomware attacks targeted
at organizations and businesses like hospitals, police stations and universities.
Data security incidents don’t discriminate — they affect all industries. Every company should be constantly focused on preventing, detecting, and having the right capabilities in place to respond to data security incidents. Accepting that breaches are inevitable doesn’t mean it’s not worth trying to stop them.
The 2nd annual BakerHostetler Data Security Incident Response Report analyzed data from more than 300 incidents on which the national law firm advised in 2015. The report looks at causes of incidents, industries most affected, and what happens after a security incident is detected — from containment, to notification, to regulatory investigations and even lawsuits.
The sectors most frequently affected
by cyber security incidents in 2015 were
healthcare, financial services, retail, and
Here are the top 6 causes of data security incidents in 2015:
1. Phishing, hacking or malware
In a shift from 2014, when human error was the leading cause of data security breaches, 31 percent of data security incidents during 2015 were related to phishing, hacking or malware.
When the privacy and data protection team at BakerHostetler looked at the underlying issues that enabled many of the phishing, hacking and malware incidents to succeed in 2015, the breaches often could be attributed to human error in some way, so the numbers show that human error is a factor more than half of the time.
2. Employee action or mistake (24 percent)
3. External theft (17 percent)
4. Vendor (14 percent)
5. Internal theft (8 percent)
6. Lost or improper disposal of data (6 percent)
8 components of being
1. Preventative and detective security
2. Threat information gathering.
3. Personnel awareness and training.
4. Proactive security assessments focusing on identifying the location of critical assets and data and implementing reasonable safeguards and detection capabilities around them.
5. Assessing and overseeing vendors.
6. Developing, updating, and practicing incident response plans.
7. Understanding current and emerging regulatory hot buttons.
8. Evaluating cyber liability insurance.
3 ways companies can
1. Detect incidents sooner.
2. Contain them faster after detection.
3. Keep good logs to facilitate a more precise determination of what occurred before the attack was stopped.
No one is completely safe
Most security firms will tell you that a capable attacker will eventually find a way