ICO Report Reveals ‘Phishing’ Not The Top Threat To Email

Posted by Team B.E.

The Information Commissioner's Office (ICO) has released its second data security trend report of 2021, detailing all the reported cyber and non-cyber incidents that occurred during the last quarter.

We have taken the opportunity to look back over the past four quarterly reports, interpreting the statistics to establish the current rate and patterns of cybercrime in the UK.

When considering data breaches from the past year, phishing was the No. 1 cybersecurity threat, with a total of 1,016 reported incidents. This is backed up by research from the Anti-Phishing Working Group (APWG), which found a record-breaking 145,771 reports of phishing attacks in January 2021.

There are currently many resources and software products dedicated to protecting your business from cyber incidents. However, phishing is only part of the overarching cybersecurity problem.

According to the ICO reports, there were 9,758 recorded security incidents altogether, of which only 2,759 were classified as cyber incidents. The remaining 6,999 were classed as non-cyber incidents caused by human error, the most frequent being misfired emails, with 1,637 reports.

This means that there were 621 more reports concerning missent emails than reports of phishing, making it 61% more likely for businesses to send an email containing sensitive data to the wrong recipient than to fall victim to a successful phishing attempt.

This number of outbound email-related data breaches is concerning, especially as email is a vital tool for businesses to send and receive information that is often sensitive in nature.

It is estimated that the average office worker sends 40 emails each day, giving them 200 opportunities a week to inadvertently send data to the wrong recipient. When we also factor in that 95% of overall cybersecurity breaches are caused by human error, it is clear that it is time for organisations to focus on the human side of security.

It is estimated that security-related risks can be reduced by 70% when businesses invest in cybersecurity training and awareness. Such training is abundant for cyber issues such as phishing but sorely lacking for risks related to human error.

Companies need to highlight the underlying issues contributing to human error and establish long-term strategies to counteract them, with the main factors thought to cause the most impact being:

  • Employee stress
  • Increasing workloads
  • Distractions while working from home

Between 2019 and 2020, there were an estimated 828,000 workers affected by work-related stress, depression or anxiety, with 32.8% rating heightened workload as the main cause.

In addition, 44.4% of employees who work from home have experienced a decline in their mental health, and regular distractions such as video games, laundry, TV, cooking and childcare play a part in interrupting their workdays.

Introducing built-in tools to mitigate threats, streamline workflows, and support staff with safely carrying out their duties, both in the office and from home, is imperative for tackling the growing issue of human error.

Businesses that adopt an employee-centric approach will provide a secure environment for workers, fostering wellbeing and reducing the risks of negative mental health and the associated errors that come with it.


Originally posted on 22 11 21
Last updated on December 21, 2023
