It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 per incident.

From there, you might also assume accidental breaches would be less harmful. According to a study conducted by Aberdeen and commissioned by Code42, data breaches from insiders can cost as much as 20% of annual revenue. The impact may be similar regardless of the cause of the attack. However, the best way to handle a non-malicious breach is different than handling one done on purpose.

What is a non-malicious data breach?

A non-malicious data breach happens when an employee causes a breach by mistake. Unlike malicious attacks, where an insider uses their access to cause trouble, non-malicious breaches typically result from an accident or negligence.

For example, if an employee clicks on a phishing email, their action may cause ransomware to infect the network. Breaches can also happen if an employee exposes data by mistake and that data is then stolen. Or maybe an employee sends an email to the wrong person by accident, something the 2022 Psychology of Human Error Study found 58% of employees had done at work.

How should companies respond?

A company may not be aware of an insider breach for days or months after the attack. And the way they react can set the stage for employees coming forward in the future. Employees may not know that they made a mistake or may be afraid to tell leadership. Every day that passes without a company being aware of the breach means more damage.

Companies need to create a culture where employees feel comfortable admitting that they may have caused a breach. After all, that can reduce the damage. According to the 2022 Psychology of Human Error Study, distraction, stress and fatigue were key reasons why employees made mistakes that caused breaches. When companies react poorly to a non-malicious breach, the response can cause further stress. That only increases the risk for more issues in the future.

The study found that overall, 43% of people have made mistakes at work that compromised cybersecurity. However, age made a difference in employees admitting that their errors may have compromised cybersecurity. 50% of employees aged 18 to 30 said that they would admit mistakes compared to 10% of employees over age 51. By taking this tendency into account, you can work with older employees to make sure that they feel comfortable coming to leadership about potential breaches.

When a breach happens, leaders should thank the employee for coming forward about the potential issue. Let them know that everyone makes mistakes. If the company keeps the identity of the employee secret, other employees will also be more likely to come forward in the future. After all, they will not be concerned about public embarrassment or blame from coworkers. Next, the company should work closely with the employee to get all the details of the breach. That way, they can best contain the breach and repair any damage.

Should companies publicly disclose an accidental breach?

One of the most important parts of managing a breach is communicating with the media and customers affected by it. When your company is breached, one of the biggest ramifications is customers and potential customers losing trust in your brand. The Institute for Public Relations advises that businesses should apologize very shortly after the breach becomes public. Additionally, they recommend that companies should be transparent. It will be much harder to rebuild trust if customers find out additional details from another source.

Internal changes to make after a non-malicious breach

So, you’ve contained the breach and started the recovery process. What’s the next step? First, examine why the breach happened. Next, determine how to reduce the occurrence of non-malicious breaches in the future. Many organizations overlook this step with non-malicious breaches. In many ways, it is even more important in these types of breaches because the incident was caused by human error, not an attacker.

Here are two common changes businesses make after non-malicious breaches:

  • Training – Look at your current training to see if you need to add more content in a specific area. For example, let’s say the breach was caused by phishing. You may need to update your examples and the signs employees should look for before clicking on links. You should also evaluate the frequency of your training. Many organizations decide to increase the frequency of cybersecurity training and look for ways to incorporate it into communications with employees instead of once-a-year training.
  • Tools – Take a look at your current cybersecurity tools to determine if you need to add more to help prevent the type of mistake that caused the breach. By combining tools with training, you can often reduce errors that cause breaches. For example, phishing tools that scan links in emails and warn employees about potential issues can help reduce non-malicious breaches.

Often employees think of a breach in a single category. But non-malicious breaches are a bit different than others. By taking a thoughtful approach to the initial response and long-term changes, leaders can create a culture where employees feel responsible for cybersecurity and are also comfortable admitting mistakes.
