It’s easy to assume most, if not all, data breaches are malicious. Surely, attackers strike on purpose. However, almost two-thirds of data breaches start from mistakes, not an intent to cause harm. According to the Cost of Insider Threats Report from Ponemon, negligent employees create around 62% of security incidents, costing an average of $307,111 per incident.

From there, you might also assume accidental breaches would be less harmful. According to a study conducted by Aberdeen and commissioned by Code42, data breaches caused by insiders can cost as much as 20% of annual revenue. The impact may be similar regardless of the cause. However, the best way to handle a non-malicious breach is different from handling one done on purpose.

What Is a Non-Malicious Data Breach?

A non-malicious data breach happens when an employee causes a breach by mistake. Unlike malicious insider attacks, where an insider deliberately misuses their access, non-malicious breaches are the result of an accident or negligence.

For example, if an employee clicks a link in a phishing email, that action may let ransomware into the network. Breaches can also happen when an employee exposes data by mistake and an outsider then steals it. Or an employee may simply send an email to the wrong person by accident; the 2022 Psychology of Human Error Study found that 58% of employees had done exactly that at work.

How Should Companies Respond?

A company may not become aware of an insider breach until days or months after the incident, and the way it reacts sets the stage for whether employees come forward in the future. Employees may not realize they made a mistake, or they may be afraid to tell leadership. Every day that passes without the company knowing about the breach means more damage.

Companies need to create a culture where employees feel comfortable admitting that they may have caused a breach. After all, that can reduce the damage. According to the 2022 Psychology of Human Error Study, distraction, stress and fatigue were key reasons why employees made mistakes that caused breaches. When companies react poorly to a non-malicious breach, the response can cause further stress. That only increases the risk for more issues in the future.

The study found that overall, 43% of people have made mistakes at work that compromised cybersecurity. However, age made a difference in whether employees would admit that their errors may have compromised cybersecurity: 50% of employees aged 18 to 30 said they would admit mistakes, compared to 10% of employees over age 51. By taking this tendency into account, you can work with older employees to make sure they feel comfortable coming to leadership about potential breaches.

When a breach happens, leaders should thank the employee for coming forward about the potential issue. Let them know that everyone makes mistakes. By keeping the identity of the employee secret, other employees will also be more likely to come forward in the future. After all, they will not be concerned about public embarrassment or blame from coworkers. Next, the company should work closely with the employee to get all the details of the breach. That way, they can best contain the breach and repair any damage.

Should Companies Publicly Disclose an Accidental Breach?

One of the most important parts of managing a breach is communicating with the media and customers affected by it. When your company is breached, one of the biggest ramifications is customers and potential customers losing trust in your brand. The Institute for Public Relations advises that businesses should apologize very shortly after the breach becomes public. Additionally, they recommend that companies should be transparent. It will be much harder to rebuild trust if customers find out additional details from another source.

Internal Changes to Make After a Non-Malicious Breach

So, you’ve contained the breach and started the recovery process. What’s the next step? First, examine why the breach happened. Next, determine how to reduce the occurrence of non-malicious breaches in the future. Many organizations overlook this step with non-malicious breaches. In many ways, it is even more important for these breaches: the root cause is a human error that training and controls can address, not a novel technique from an attacker.

Here are two common changes businesses make after non-malicious breaches:

  • Training – Look at your current training to see if you need to add more content in a specific area. For example, let’s say the breach was caused by phishing. You may need to update your examples and signs to look for before clicking on links. You should also evaluate the frequency of your training. Many organizations decide to increase the frequency of cybersecurity training and look for ways to incorporate it into communications with employees instead of once-a-year training.
  • Tools – Take a look at your current cybersecurity tools to determine if you need to add more to help prevent the type of mistake that caused the breach. By combining tools with training, you can often reduce errors that cause breaches. For example, phishing tools that scan links in emails and warn employees about potential issues can help reduce non-malicious breaches.  
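As an added example of the kind of link-scanning tool the Tools item describes (this is illustrative code written for this page, not code from the original article or from any vendor's product), here is a small Python checker. It parses an email, pulls every link out of the HTML body, and produces a warning when the visible link text points somewhere other than the real destination, when the host is a raw IP address or an internationalised (punycode) name, when a trusted domain name is embedded in an untrusted host, or when the domain is a near-miss of a trusted one. The TRUSTED_DOMAINS list, the SAMPLE_EMAIL message and the 0.8 similarity cutoff are assumptions made for the illustration.

```python
# Added example, not code from the original article or any vendor product.
# TRUSTED_DOMAINS, SAMPLE_EMAIL and the look-alike cutoff are assumptions.
import difflib
import ipaddress
import re
from email import message_from_string
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

# Domains this hypothetical organisation expects its staff to be sent to.
TRUSTED_DOMAINS = {"example.com", "payroll.example.com", "microsoft.com"}
# Link text that is itself a URL or bare host, e.g. "payroll.example.com/login".
_DOMAINISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude registrable domain (last two labels). A real tool would use the
    public suffix list so that co.uk-style names are handled correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(href: str, text: str, trusted=TRUSTED_DOMAINS) -> List[str]:
    """Return human-readable warnings for one link; an empty list means clean."""
    warnings = []
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https") or not host:
        return [f"non-web link ({url.scheme or 'no scheme'}): {href}"]
    if url.username is not None:  # the http://trusted.com@evil.net/ trick
        warnings.append(f"text before '@' disguises the real host {host}: {href}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
        warnings.append(f"link points at a raw IP address: {host}")
    except ValueError:
        is_ip = False
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append(f"internationalised host name, possible look-alike: {host}")
    shown = _DOMAINISH.match(text)  # visible text that looks like a URL
    if shown and registrable(shown.group(1)) != registrable(host):
        warnings.append(f"text shows {shown.group(1).lower()} but the link goes to {host}")
    trusted_regs = {registrable(t) for t in trusted}
    reg = registrable(host)
    if not is_ip and reg not in trusted_regs:
        if any(t in host for t in trusted_regs):  # e.g. example.com.evil.net
            warnings.append(f"trusted name embedded in an untrusted host: {host}")
        close = difflib.get_close_matches(reg, sorted(trusted_regs), n=1, cutoff=0.8)
        if close:  # e.g. examp1e.com vs example.com
            warnings.append(f"{host} resembles trusted domain {close[0]} but is not it")
    return warnings


def scan_message(raw: str) -> List[Tuple[str, List[str]]]:
    """Return [(href, warnings)] for every link in the HTML parts of a message."""
    results = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        collector = _AnchorCollector()
        collector.feed(body)
        results.extend((href, check_link(href, text)) for href, text in collector.links)
    return results


# Constructed phishing sample: mismatched link text, look-alike domain, raw IP.
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <helpdesk@examp1e.com>
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today. Sign in to keep access:
<a href="http://examp1e.com/login">https://payroll.example.com/login</a></p>
<p>Backup portal: <a href="http://203.0.113.7/sso">here</a></p>
<p>Questions? See <a href="https://microsoft.com/support">microsoft.com</a>.</p>
</body></html>
"""
```

Run against the constructed SAMPLE_EMAIL, scan_message flags the first link twice (the visible text shows payroll.example.com while the href goes to examp1e.com, and examp1e.com is a near-miss of example.com), flags the second link for its raw IP address, and passes the Microsoft link. The two-label registrable() and the 0.8 cutoff are simplifications; a production tool would use the public suffix list and surface these warnings as a banner in the mail client so the employee sees them before clicking, which is exactly the combination of tooling and awareness the article recommends.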

Often employees think of a breach in a single category. But non-malicious breaches are a bit different than others. By taking a thoughtful approach to the initial response and long-term changes, leaders can create a culture where employees feel responsible for cybersecurity and are also comfortable admitting mistakes.
