Are 95% of Data Security Breaches Caused by Human Error?
I came across two studies published a few years back that claimed human error was the leading cause of data breaches. The first was a joint study by Stanford and Tessian from 2022 that found that employee mistakes cause 88 percent of data breach incidents. The second was an IBM Security Study that found a fascinating and disheartening fact that over 95% of all incidents investigated recognize human error as a contributing factor.
Whenever I hear that “Human Error” was the cause, I think of Mark’s article, “Is Human Error A Root Cause?”. He concluded that “Human Error” was, OBVIOUSLY, not a root cause. It is a causal factor, which is the starting point of an investigation.
Of course, someone made a mistake. That is what humans do. It is why we are the least effective safeguards. So, when investigating human error in data breaches, what are the root causes?
In the Stanford and Tessian study, they found that there were some common errors people make.
- Sending emails to the wrong person.
- Sending the wrong attachment in an email.
- Responding to/falling for a phishing attack.
They reported these mistakes were made because the people were:
- distracted
- stressed
- tired
- working quickly
All of these are error traps and precursors but are not necessarily root causes.
To find a real root cause, you must understand what missing best practices could have prevented that error. What in the system that was missing that could have prevented that human performance difficulty?
This is why the TapRooT® Root Cause Tree® Diagram and Dictionary exist: to help people identify the real root causes of human error using facts and evidence.
You can learn more about how to find root causes by attending a 2-Day TapRooT® Root Cause Analysis course or a 5-Day TapRooT® Advanced Root Cause Analysis Team Leader Course.
Better than waiting for human error, there is another option.
Stopping Human Error
To be proactive, take the Stopping Human Error Course.
What’s in the Stopping Human Error Course? Here’s the Course Outline:
Day 1 (8:00 am to 5:00 pm)
- Foundations of Improving Human Performance
- Human Performance – What Should You Expect?
- Three Human Reliability Best Practices
- Mistake Proofing
- Resilience
- Safeguards
- Using TapRooT® Root Cause Analysis for Incidents & Learning Teams
- Human Performance Improvement Technology (Catch Your Own Mistakes)
- STAR
- Questioning Attitude
- Attention to Detail
- Time Out
- Error Traps & Precursors
- Validate Assumptions
- Work Direction/Finding Error Likely Situations
- Pre-Job Hazard Analysis
- Pre-Job Brief
- Personal Safety Assessment
- Post-Job Brief
- Training
- Systematic Approach to Training
- Using Procedures to Improve Human Performance
- Procedures Best Practices
- Procedure Use and Adherence
- Place Keeping
Day 2 (8:00 am to 5:00 pm)
- Communications
- 3-Way Communication
- Do Not Disturb Sign
- Management System
- Conservative Decision Making
- Stopping Normalization of Deviation
- MOC
- Quality Control
- Independent Verification
- Concurrent Verification
- Human Factors Engineering
- Best Practices (Spot Bad Practices)
- Proactive Use of CHAP
- Hazard/Target Elimination or Substitution
- Improvement Exercise
- What Should You Improve/Which Tools Will Work Best for You?
- Sample Plan
- Present Your Plan (Benchmarking/Feedback)
With the exercises built-in to try the techniques, this is an active, fast-moving 2-day course.
You will leave this course with a clear understanding of methods to improve human performance and a custom plan to apply those methods at your company to achieve great gains in safety, quality, or operational and maintenance performance (all of which depend on human performance).
As part of the course materials, participants receive the book Stopping Human Error, a $99.95 value. In addition, they receive the course workbook, a certificate of completion, and a 90-day subscription to TapRooT® VI Software, our dynamic cloud-based software that computerizes the TapRooT® RCA Techniques.
To register for the course, CLICK HERE.
