Businesses and individuals can, and should, use a variety of software products to help keep them safe online.
The most common are antivirus, VPNs, and firewalls.
However, the biggest weakness in any cybersecurity system is the human element.
Studies show that 95% of data breaches are because of human error.
That means 19 out of 20 data breaches wouldn’t have happened if it wasn’t for humans!
That’s just one of the terrifying human error cybersecurity statistics you’re about to learn.
In short, it doesn’t matter how good your software is if you haven’t trained yourself and your staff.
It only takes one error of judgment to introduce a virus or malware into your computer system.
It can take a lot of time and money to resolve the breach.
In addition, every data breach must be reported and your customers are likely to lose faith in your business.
It can be seriously detrimental to the success of the business.
Key Statistics
- 14% of people don’t lock their cell phones
- 50% of employees share access to a work device
- 20% of data breaches are a result of phishing
- Employees in 58% of businesses ignore cybersecurity guidelines
- 92% of businesses see accidental sharing of data by employees as a threat
- 46 million people use ‘123456789’ as their password
- 52% of individuals use the same password across multiple accounts
- Cybersecurity training costs are increasingly dramatically
Top Human Error Cybersecurity Statistics in 2025
1. 14% Of People Don’t Lock Their Cell Phones
The 2020 Proofpoint user risk report showed that 14% of people don’t use the lock feature on their mobile phone.
That’s approximately one in ten of the people surveyed.
What’s most concerning is that 41% of those surveyed use their phone for personal tasks as well as work-based ones.
It’s not all doom and gloom, 42% of people use either fingerprint or face recognition as a lock.
(Proofpoint)
Another interesting result from the Proofpoint survey was that 50% of employees share their work-based device with someone outside of their work.
In most cases this is a member of their immediate family or a close friend.
The problem is, most sharing is done to allow people to check emails.
It’s very easy for someone to accidentally click a link in an email and introduce malware or ransomware into the system.
When the device is connected to a work network this can quickly cause a lot of issues.
(Proofpoint)
3. 20% Of Data Breaches Are A Result Of Phishing
In 2020 Verizon conducted a data breach survey.
They discovered that in 20% of data breaches the attack started with a phishing email.
Individuals should have been able to avoid the data breach by not clicking on links or opening unknown emails
This reflects the biggest problem in data breaches, human error.
Misdelivery and misconfiguration were found to cause data breaches in 10% of cases.
(Verizon)
4. Employees In 58% Of Businesses Ignore Cybersecurity Guidelines
Having the strongest policies and even software systems is a waste of time if the guidelines are not followed.
Alarmingly, the cyber threats report found that 58% of employees would simply ignore the cybersecurity protocols in order to get the job done faster.
The problem is it’s not just employees, the report found they are simply copying the behavior of their managers.
85% of bosses admit to loosening cybersecurity to help employees get the job done.
This sets a precedent that employees will copy, effectively putting the system at risk.
(Netwrix 2020 Cyber Threat Report)
5. 92% Of Businesses See Accidental Sharing Of Data By Employees As A Threat
The Netwrix report shows that critical threat perception is a serious concern for most businesses.
In fact, 92% of businesses are concerned about the accidental sharing of data.
This generally means inputting data into links or sharing confidential information via emails.
Before Covid-19 only 58% of businesses were worried about this and saw it as a serious threat.
Post-pandemic, almost every business is concerned with data breaches, specifically by employee sharing.
(Netwrix 2020 Cyber Threat Report)
6. 46 Million People Use ‘123456789’ As Their Password
Your password is one of the most important security steps you can take.
A strong password makes it difficult for anyone to hack their way into company data.
In contrast, a weak one can be easily guessed and allows a hacker to access a wide array of confidential data.
The loss of this data can be seriously detrimental to any business.
Despite this, a 2021 survey by NordPass discovered that ‘123456’ is the most popular password in the world.
To give an idea of how common it is, consider the following:
- 46 million people use ‘123456789’
- 22 million use ‘qwerty’
- 21 million people use ‘password’
The survey showed that over 100 million people used ‘123456’!
It’s a very weak password and all users should change it immediately.
Eighty percent of data breaches as a result of hacking occur because the hacker figured out the password.
If you’re using one of the above it’s very easy for a hacker to guess it.
(NordPass)
7. 52% Of Individuals Use The Same Password Across Multiple Accounts
The average person has 27 user accounts, which means at least 27 unique passwords that need to be remembered.
The truth is, most people don’t have good memories.
Instead, they will use the same password on more than one account. For many, it’s the only way to remember all the passwords.
A recent Google survey highlighted that 52% of people use the same password on more than one account.
Unfortunately, if a hacker figures out your password they will gain access to multiple accounts.
That means they can do a lot of damage to you financially.
In many cases, the cybercriminal can guess the password by social engineering or credential stuffing.
(Google)
8. Cybersecurity Training Costs Are Increasingly Dramatically
Human error is responsible for the majority of data breaches.
Eliminating human error would protect millions of businesses from harm.
Companies across the planet seem to be thinking about this and have dramatically increased their spending on cybersecurity training.
To put this in context, in 2014 the world spent $1 billion on cybersecurity.
By 2027 it’s estimated this figure will be $10 billion!
Over 50% of businesses are dedicated to improving employee cybersecurity awareness.
(Netwrix 2020 Cyber Threat Report)
Why Human Errors Occur
Every human is capable of making errors.
The truth is everyone leads busy lives, it’s easy to be distracted or to make a mistake because you didn’t realize there was any risk associated with the action.
It can also be the result of sleep deprivation, stress, acting in haste without planning, or simply because someone is having an emotionally challenging day.
The truth is it’s almost impossible to eliminate human error.
However, it is possible to drastically reduce it.
How To Reduce Human Errors From Happening
It’s unlikely you can stop every human error from being made. The following can help reduce incidents relating to human error.
Boost Controls
Controls restrict access to data.
These controls should be implemented in every business and even some home environments.
The aim is to make it a little harder to access data and, therefore, more difficult for a hacker to get to the data.
The simplest approach is to limit access to those who really need it.
Alternatively, you can set systems up so any major task needs two pairs of eyes checking the task.
It will help to ensure human error doesn’t occur.
Manage Passwords
We’ve already seen that weak passwords are a real concern.
The problem is that many people reuse passwords simply because it’s easier to remember them all.
This approach increases the likelihood that the data will be accessed by someone else.
Help your employees and yourself by investing in a password management system for everyone.
This stops them from using post-it notes, electronic spreadsheets, and other poor-quality password-storing solutions.
The system will remember all usernames and passwords, it can even generate strong passwords for you to use.
All anyone needs to do is remember one password. That’s the one which gets you into the password manager to see the others.
These are all encrypted, making it virtually impossible for a hacker to get into your system with your password.
It’s also important that all passwords are unique and changed regularly.
It should be stipulated that they are strong, which means a certain length and the types of characters which need to be used.
Dual-Factor Authentication
On many systems it is possible to add dual-factor authentication. This is when a code is sent to your mobile device before you can access an account.
Businesses should incorporate this into their security strategy. It will help to keep all data safe.
Training
One way in which you can protect against human error is to train people.
A cybersecurity awareness program is all it takes to ensure people know what types of emails are dangerous and why links shouldn’t be clicked.
Regular training will help to ensure that all individuals know how to spot a potential attack, how not to get caught by it, and the best person to report the incident to.
This approach also ensures you have a rapid response in place if someone does accidentally click the wrong link.
As part of this program, you should make sure all users can ask questions whenever they need to. Knowledge is key to reducing human error data breaches.
Use Mail Filter Tools
Mail filter tools are simple to add to any email system, whether at home or work.
The filter tool will flag any email that appears suspicious, allowing you to pause before you look at it.
You can even set it to remove links in any external emails, effectively eliminating the potential for individuals to accidentally click a malicious link.
These types of tools are perfect when used in conjunction with employee training.
It dramatically reduces the possibility of human error cybersecurity issues.
Upgrade Systems
Everyone should be using antivirus software, firewalls, and other appropriate tools.
However, installing them isn’t enough.
Because the threats are constantly changing, software developers have to constantly update their programs.
These updates are available to all users and should be added to your software as soon as you can.
It will help to keep you protected even if someone clicks on the wrong link.
Lock Everything
You wouldn’t leave your home or office without locking it up.
It’s important to adopt the same approach to all electronic devices.
They should all be password protected and the locking feature should be activated whenever you leave them or finish using them.
Best of all, use a biometric lock. This means, even if you lose the device, no one else will be able to unlock it.
Summing Up
Human error is inevitable, but that doesn’t mean you need to become one of these human error cybersecurity statistics.
You simply need to be aware of the risks and take the right steps to reduce the likelihood of human error occurring on your system.
Humans don’t need to be the weakest link in your cybersecurity.
Provided you understand the errors that are possible, you can take steps to reduce the risk.
Anything you can do will help!