It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 per incident.

From there, you might also assume accidental breaches would be less harmful. According to a study conducted by Aberdeen and commissioned by Code42, data breaches from insiders can cost as much as 20% of annual revenue. The impact may be similar regardless of the cause of the attack. However, the best way to handle a non-malicious breach is different than handling one done on purpose.

What is a non-malicious data breach?

A non-malicious data breach happens when an employee causes a breach by mistake. Unlike malicious attacks, where an insider uses their access to cause trouble, non-malicious attacks are typically an accident or negligence.

For example, if an employee clicks on a phishing email, then their action may cause ransomware to infect the network. Breaches can also happen if an employee exposes data by mistake that is then stolen. Or maybe an employee sends an email to the wrong person by accident, which the 2022 Psychology of Human Error Study found that 58% of employees had done at work.

How should companies respond?

A company may not be aware of an insider breach for days or months after the attack. And the way they react can set the stage for employees coming forward in the future. Employees may not know that they made a mistake or may be afraid to tell leadership. Every day that passes without a company being aware of the breach means more damage.

Companies need to create a culture where employees feel comfortable admitting that they may have caused a breach. After all, that can reduce the damage. According to the 2022 Psychology of Human Error Study, distraction, stress and fatigue were key reasons why employees made mistakes that caused breaches. When companies react poorly to a non-malicious breach, the response can cause further stress. That only increases the risk for more issues in the future.

The study found that overall, 43% of people have made mistakes at work that compromised cybersecurity. However, age made a difference in employees admitting that their errors may have compromised cybersecurity. 50% of employees aged 18 to 30 said that they would admit mistakes compared to 10% of employees over age 51. By taking this tendency into account, you can work with older employees to make sure that they feel comfortable coming to leadership about potential breaches.

When a breach happens, leaders should thank the employee for coming forward about the potential issue. Let them know that everyone makes mistakes. By keeping the identity of the employee secret, other employees will also be more likely to come forward in the future. After all, they will not be concerned about public embarrassment or blame from coworkers. Next, the company should work closely with the employee to get all the details of the breach. That way, they can best contain the breach and repair any damage.

Should companies publicly disclose an accidental breach?

One of the most important parts of managing a breach is communicating with the media and customers affected by it. When your company is breached, one of the biggest ramifications is customers and potential customers losing trust in your brand. The Institute for Public Relations advises that businesses should apologize very shortly after the breach becomes public. Additionally, they recommend that companies should be transparent. It will be much harder to rebuild trust if customers find out additional details from another source.

Internal changes to make after a non-malicious breach

So, you’ve contained the breach and started the recovery process. What’s the next step? First, examine why the breach happened. Next, determine how to reduce the occurrence of non-malicious breaches in the future. Many organizations overlook this step with non-malicious breaches. In many ways, it is even more important in these types of breaches because the incident was caused by human error, not an attacker.

Here are two common changes businesses make after non-malicious breaches:

  • Training – Look at your current training to see if you need to add more content in a specific area. For example, let’s say the breach was caused by phishing. You may need to update your examples and signs to look for before clicking on links. You should also evaluate the frequency of your training. Many organizations decide to increase the frequency of cybersecurity training and look for ways to incorporate it into communications with employees instead of once-a-year training.
  • Tools – Take a look at your current cybersecurity tools to determine if you need to add more to help prevent the type of mistake that caused the breach. By combining tools with training, you can often reduce errors that cause breaches. For example, phishing tools that scan links in emails and warn employees about potential issues can help reduce non-malicious breaches.

Often employees think of a breach in a single category. But non-malicious breaches are a bit different than others. By taking a thoughtful approach to the initial response and long-term changes, leaders can create a culture where employees feel responsible for cybersecurity and are also comfortable admitting mistakes.

More from Risk Management

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today