Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Accidental data breaches still major cause of data loss

Accidental data breaches still major cause of data loss 

Employee errors or data breaches that occur while a company’s data is under the protection of a third party, accounts for 30 per cent of overall breaches, according to Beazley Plc, a specialist insurance company which manages six Lloyd’s security chain syndicates and has operates in the United States, Asia, Australia, the Middle East, and Europe.

That’s “only slightly behind the level of hacking and malware attacks. In the healthcare sector these accidental breaches represent, by a significant margin, the most common cause of loss at 42 per cent of incidents,” a report by the company said.



The Vitamin C podcast

“This continuing high level of accidental data breaches suggests that organizations are still failing to put in place the robust measures needed to safeguard client data and confidentiality,” the report said. “Since 2014, the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing.”

Related content





The report found that ransomware attacks continued their rise in the first half of 2017, up by 50 per cent over the first half of 2016.

Hacking and malware attacks (of which ransomware attacks form a growing part), continue to be the leading cause of breaches, accounting for 32 per cent of the 1,330 incidents that Beazley Breach Response Services helped clients handle in the first half of the year.

Healthcare was the sector that experienced the highest increase in ransomware demands at 133 per cent.

Here are more highlights from the report:

  • Higher education sector – Unintended disclosures caused 26 per cent of breaches in the first half of 2017 in the higher education sector. While slightly down from the 28 per cent recorded in the same period last year, this still represents a quarter of all breaches which could be mitigated through more effective controls and processes.
  • Hacks and malware accounted for nearly half of higher education data breaches in the first six months of 2017 (43 per cent), roughly even with the 45 per cent of breaches caused by hacking in the same period in 2016. Of these, 41 per cent were due to phishing.
  • Healthcare sector – Unintended disclosure such as misdirected faxes and emails or the improper release of discharge papers – continued to drive the majority of healthcare losses, leading to 42 per cent of industry breaches in the first half of 2017, equal to the proportion of these breaches in the industry during the same period in 2016. Hacks and malware accounted for 18 per cent of healthcare data breaches in 1H 2017, compared to 17 per cent in the first half of 20016.
  • Financial services sector –Unintended disclosures among financial services firms like sending bank account details or personal information to the incorrect recipient – grew to 29 per cent in the first half of 2017 from 25 per cent during the same period in 2016, a level that has remained consistent since 2014. Hacks and malware were on a downward trend representing 37 per cent of breaches in the first half of 2017 compared to 46 per cent of breaches in the first half of 2016.
  • Professional services – At first glance, professional services firms appear to have greater internal controls in place with unintended breaches accounting for 14 per cent of all incidents, well below the average for the period in question. However, the trend is tracking adversely, up from 9 per cent in the first half of 2016.
  • Firms in the sector were not immune to hacking and malware attacks, with these incidents accounting for 44 per cent of breaches in the time period compared to 53 per cent in the first half 2016. Social engineering scams, including W2 fraud and requests for fraudulent wire transfers, were a large driver of attacks at the beginning of 2017.

Beazley recommends companies do the following to better protect their data:

  • Deploy prevention and detection tools
  • Use threat intelligence services
  • Train managers and employees on cyber security, threat awareness, and phishing
  • Conduct risk assessments focused on identifying and protecting sensitive data

“As more stringent regulatory environments become the norm, this failure to act puts organizations at greater risk of regulatory sanctions and financial penalties,” according to Beazley.

Related posts