“Human Error” Ranked as the Top Cybersecurity Threat While Budgets Remain Misaligned

“Human Error” Ranked as the Top Cybersecurity Threat While Budgets Remain MisalignedNew insights into the state of data security show a clear focus on the weakest part of your security stance – your users – and organizations doing little to address it.

It’s frustrating when the answer is right there in front of the face of organizations today and you have to watch them scramble around the problem without really addressing it. This is exactly what I see in the data found in Thales’ 2022 Data Threat Report.

Within the report, we find data points of brilliance around awareness of the problem of users:

  • Human Error is seen as the highest threat to organizational security, with 38% of organizations ranking it as the top threat. For reference, Nation States was only a top concern for 28% of organizations.
  • 29% of organizations ranked ‘accidental human error’ as the top threat (and , again, for reference, only 17% ranked external attackers with financial motivation as a top threat)
  • 79% of organizations are concerned about the security risks with an increasingly remote workforce

It’s evident that users play a role in making an organization insecure, right? So, we’d expect to see lots of spending on ways to secure the user. But according to the report, organizations are prioritizing network security (e.g., Intrusion Prevention Solutions, gateways, firewalls), key management, cloud security, and zero trust solutions.

It seems like the focus is way too much on trying to prevent data from leaving, instead of stopping attackers from ever getting in. With the data showing organizations are very aware of the factor users play in cyberattacks, I would expect to see more focus on Security Awareness Training to reduce the threat surface of phishing – a primary attack vector in nearly every kind of cyber attack. This kind of training helps to establish good cyber hygiene, a sense of vigilance, and has been shown to reduce the risk of users falling for social engineering tactics employed within phishing attacks.

Get Your Customized Automated Security Awareness Program, ASAP!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!

asap-monitor-1Here's how it works:

  • Answer seven questions about your organization’s goals, compliance needs, and culture
  • ASAP recommends suggested training content based on your answers
  • See a detailed calendar with a customized task lisk to get your program started
  • Easily export detailed and executive summary PDF versions of your program
  • Get a fully mature awareness program ready in 5 minutes

Get Started Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews