A TechValidate survey asked IT professionals what incidents caused the most damage to their security. The top answer may surprise you: 60 percent of IT professionals name user errors as the source of the most damage to their security.
And yet, malicious activity, malware, and hackers are more commonly named as threats:
- 65 percent of IT professionals are worried about outside attacks on their IT.
- Only 55 percent share the same concern with user errors.
Because this discrepancy suggests IT consultants could be underestimating some risks, let's take a closer look at a few data breach statistics.
Underestimating Damage Caused by User Error
User mistakes and outside threats are both serious risks for an organization. As the numbers above demonstrate, IT professionals may underestimate how much damage employee blunders can cause.
So why are techies less concerned about employee mistakes? Some of this disparity may have to do with the simple fact that you're hired to work on technology, not educate a workforce. But maybe you should be thinking about education.
According to ZDNet, over 90 percent of the data breaches in the first half of 2014 were preventable. Some of these breaches could have been prevented by upgrading IT, but many of them were caused by user errors. Each year employees make numerous preventable mistakes that lead to costly security breaches, including…
- Losing devices.
- Falling prey to phishing scams.
- Using bad, hackable passwords.
A comprehensive data breach plan – one that protects your clients and protects you from E&O lawsuits – will have to account for outside threats and user errors.
The Data Says WHAT? More Surprising Finds in IT Tech Liability
Infosecurity Magazine reports the findings of additional TechValidate surveys that found most companies may be using drastically outdated IT products and policies:
Your business could face some unexpected risks if you work with clients who don't understand their cyber risk exposure. If you're hired to upgrade a client's software, but an employee blunder leads to a data breach, your client might be furious that your technology wasn't able to protect them. They won't understand that user errors can expose even the strongest IT.
Why Employee Mistakes Can Lead to Lawsuits
Can you be blamed if a client's security is compromised due to an employee mistake? Yes, you can.
IT contractor liability is a complicated thing. You can see lawsuits for all sorts of reasons. Disgruntled clients may pin the blame on you for their own mistakes. Let's cover a couple of examples:
- A client's employee clicks on a phishing email and infects their network with malware. You could be sued if your software failed to detect and stop the malware.
- Your client is using grossly outdated access control technology that doesn't allow them to limit which employees can access protected data. When cyber criminals compromise one employee's account, they're able to steal nearly all the company's protected data. Even though the client was relying on old technology, they could sue you because it was your IT that failed.
To limit their financial risk exposure, many IT consultants invest in Errors and Omissions Insurance with third-party cyber liability coverage because it can cover your legal costs when clients sue you over security breaches.
To learn more about managing your risk exposure, check out our blog post "How You Could Be Sued after a Data Breach."