It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 per incident.

From there, you might also assume accidental breaches would be less harmful. According to a study conducted by Aberdeen and commissioned by Code42, data breaches from insiders can cost as much as 20% of annual revenue. The impact may be similar regardless of the cause of the breach. However, the best way to handle a non-malicious breach is different from handling one done on purpose.

What Is a Non-Malicious Data Breach?

A non-malicious data breach happens when an employee causes a breach by mistake. Unlike malicious attacks, where an insider deliberately uses their access to cause harm, non-malicious breaches typically result from an accident or negligence.

For example, if an employee clicks on a phishing email, their action may cause ransomware to infect the network. Breaches can also happen if an employee exposes data by mistake and that data is then stolen. Or an employee may send an email to the wrong person by accident, something the 2022 Psychology of Human Error Study found that 58% of employees had done at work.

How Should Companies Respond?

A company may not be aware of an insider breach for days or months after it happens, and the way leadership reacts can set the stage for whether employees come forward in the future. Employees may not know that they made a mistake, or they may be afraid to tell leadership. Every day that passes without the company being aware of the breach means more damage.

Companies need to create a culture where employees feel comfortable admitting that they may have caused a breach. After all, that can reduce the damage. According to the 2022 Psychology of Human Error Study, distraction, stress and fatigue were key reasons why employees made mistakes that caused breaches. When companies react poorly to a non-malicious breach, the response can cause further stress. That only increases the risk for more issues in the future.

The study found that overall, 43% of people have made mistakes at work that compromised cybersecurity. However, age made a difference in whether employees would admit that their errors may have compromised cybersecurity: 50% of employees aged 18 to 30 said that they would admit mistakes, compared to 10% of employees over age 51. By taking this tendency into account, you can work with older employees to make sure that they feel comfortable coming to leadership about potential breaches.

When a breach happens, leaders should thank the employee for coming forward about the potential issue and let them know that everyone makes mistakes. By keeping the identity of the employee confidential, the company makes it more likely that other employees will come forward in the future, since they will not have to worry about public embarrassment or blame from coworkers. Next, the company should work closely with the employee to get all the details of the breach. That way, it can best contain the breach and repair any damage.

Should Companies Publicly Disclose an Accidental Breach?

One of the most important parts of managing a breach is communicating with the media and with the customers affected by it. When your company is breached, one of the biggest ramifications is customers and potential customers losing trust in your brand. The Institute for Public Relations advises that businesses should apologize very shortly after the breach becomes public. Additionally, it recommends that companies be transparent: it will be much harder to rebuild trust if customers find out additional details from another source.

Internal Changes to Make After a Non-Malicious Breach

So, you’ve contained the breach and started the recovery process. What’s the next step? First, examine why the breach happened. Next, determine how to reduce the occurrence of non-malicious breaches in the future. Many organizations overlook this step with non-malicious breaches. In many ways, it is even more important for these types of breaches, because the incident was caused by human error rather than by an attacker, and that cause is one the organization can address directly.

Here are two common changes businesses make after non-malicious breaches:

  • Training – Look at your current training to see if you need to add more content in a specific area. For example, let’s say the breach was caused by phishing. You may need to update your examples and the warning signs employees should look for before clicking on links. You should also evaluate the frequency of your training. Many organizations decide to increase the frequency of cybersecurity training and look for ways to incorporate it into regular communications with employees instead of relying on once-a-year training.
  • Tools – Take a look at your current cybersecurity tools to determine if you need to add more to help prevent the type of mistake that caused the breach. By combining tools with training, you can often reduce the errors that cause breaches. For example, phishing tools that scan links in emails and warn employees about potential issues can help reduce non-malicious breaches.

Employees often think of all breaches as a single category, but non-malicious breaches are a bit different from the rest. By taking a thoughtful approach to the initial response and to long-term changes, leaders can create a culture where employees feel responsible for cybersecurity and are also comfortable admitting mistakes.
