ICO Report Reveals ‘Phishing’ Not The Top Threat To Email

The Information Commissioner's Office (ICO) has released its second data security trend report of 2021, detailing all the reported cyber and non-cyber incidents that occurred during the last quarter.

We have taken the opportunity to look back over the past four quarterly reports, interpreting the statistics to understand the current rate and patterns of cybercrime in the UK.

When considering data breaches from the past year, phishing emerged as the top cybersecurity threat, with a total of 1,016 reported incidents.

This is supported by research from the Anti Phishing Working Group (APWG), which recorded a staggering 145,771 reports of phishing attacks in January 2021.

Many resources and software solutions are available to protect your business from cyber incidents, yet phishing is only part of the broader cybersecurity challenge.

According to the ICO reports, there were 9,758 recorded security incidents overall, with only 2,759 of these being classified as cyber incidents. The remaining 6,999 were non-cyber incidents caused by human error, with the most frequent being misfired emails, totalling 1,637 reports.

This means there were 621 more reports concerning missent emails than phishing incidents, making it 61% more likely for businesses to send an email containing sensitive data to the wrong recipient than to suffer a successful phishing attempt.

The high number of outbound email-related data breaches is alarming, especially as email remains a critical tool for businesses to exchange sensitive information.

It is estimated that the average office worker sends 40 emails each day, providing them with 200 opportunities a week to accidentally send data to the wrong recipient. When considering that 95% of overall cybersecurity breaches are caused by human error, it becomes clear that organisations need to focus on the human side of security.

Research indicates that security-related risks can be reduced by 70% when businesses invest in cybersecurity training and awareness. While such training is abundant for issues like phishing, it is critically lacking for risks associated with human error.

Companies need to address the underlying issues contributing to human error and establish long-term strategies to counteract them. The main factors believed to cause the most impact include:

• Employee Stress
• Increasing Workloads
• Distractions While Working From Home

Between 2019 and 2020, an estimated 828,000 workers were affected by work-related stress, depression, or anxiety, with 32.8% citing increased workload as the main cause.

Additionally, 44.4% of employees working from home have experienced a decline in their mental health, with distractions such as video games, laundry, TV, cooking, and childcare interrupting their workdays.

Introducing built-in tools to mitigate threats, streamline workflows, and support staff in safely carrying out their duties, both in the office and from home, is crucial for tackling the growing issue of human error.

Businesses that adopt an employee-centric approach will provide a secure environment for workers, fostering well-being and reducing the risks of negative mental health and the associated errors that come with it.

References:

The Information Commissioner's Office (ICO), ICO, 2021

Anti Phishing Working Group (APWG) Q1 2021 Trends Report, APWG, 2021

How Many Work Emails Is Too Many?, The Guardian, 2019

Cybersecurity Facts and Statistics, ThriveDX, 2021

Reducing Security-Related Risks, Pensar, 2021

Work-Related Stress Statistics, Health and Safety Executive, 2020

Managing Employee Workload Stress, Benenden Health, 2021

The Impact of Email on Mental Health, Website Planet, 2021

Reviewed By:

Sabrina McClune, 21.06.24

Sam Kendall, 21.06.24