
Are your team the greatest threat to your information security?
The SRM Blog



Written by Melanie Taylor

13th December 2019


Did you know that, according to recent research, internal errors account for more security breaches than direct attacks from external hackers?

Today, big breaches are big news. From Fortnite in January to Facebook in April, reports of attacks on big brands are hitting the headlines with greater and greater frequency.

Of the tens of thousands of breaches occurring every day, it’s the stories of data swipes made by frightening and mysterious hackers lurking in the shadows that always seem to take the headlines. However, it’s worth pointing out that malicious external hacks actually account for a relatively small proportion of all data breaches. In fact, the most likely source of a breach is within your own organisation.

To those in the know about information security, this won’t be particularly surprising – a recent survey by Egress found that an overwhelming 95% of IT leaders consider insider threats to be a concern for their organisation, while 60% expected to suffer an accidental breach within a 12-month period.


“The call is coming from inside the house”

Frequent reports of external cyberattacks have rightly led businesses to be more cautious than ever when it comes to their information security, investing in robust protections. But internal measures – particularly education of staff – are as important as external ones, if not more so.

While breaches can be due to malicious attacks from team members, they are far more likely to be the result of genuine mistakes by staff. Earlier this year a report from Kaspersky Labs revealed that 90% of breaches could be attributed to human error. Accidental sharing of data, poor password management and falling victim to social engineering attacks are all common issues that can result in catastrophic problems for an organisation.

While we are all aware that technology is moving on at a pace, it is evident that not enough is being done within many businesses to keep employees abreast of the latest threats – or provide the necessary training to support best practice.

Some of the most common mistakes businesses can make include forgetting the basics of security, like having secure passwords, taking precautions in email correspondence and safeguarding paperwork.

A frequent error made by companies (particularly smaller enterprises) is believing that a breach is unlikely to happen to them. Cyberthreats are fast becoming the reality for businesses all over the world – big or small – and taking steps to prevent an attack, rather than respond to it, almost always costs far less time and money in the long run.


The takeaways

Even the most sophisticated security systems can be brought down by carelessness and lack of knowledge. Education should be an ongoing and central part of any information security strategy to improve risk posture and reduce the likelihood of a breach.

Improving the security of your business is a continuous cultural change, rather than a one-time fix. Helping your team understand more about the threats to information security will stand you in greater stead when it comes to facing threats.

Looking to improve your security by training your staff more effectively and safeguarding against avoidable data breaches? Get in touch with the team here at SRM today. Call on 03450 21 21 51 or drop us an email at

