The Human Factor: Simple Mistakes Fuelling Cybersecurity Breaches

March 12, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Imagine a pilot leaving the cockpit door unlocked mid-flight, a bank teller handing a customer’s account details to a scammer by mistake, or a doctor misreading a crucial prescription—seemingly minor lapses with potentially catastrophic outcomes.

Similarly, in the digital world, a single human error—an employee clicking on a phishing link or misusing credentials—can set off a chain reaction leading to massive data breaches.

A recent study by Mimecast underscores this reality, revealing that human error was the driving force behind 95% of data breaches in 2024.

The Human Risk Factor: Insider Threats & Careless Clicks

The study found that a small percentage of employees were responsible for a disproportionate number of security lapses.

Just 8% of employees accounted for 80% of all cybersecurity incidents, demonstrating how a few missteps can compromise an entire organization.

One of the most high-profile breaches of the past year, the Change Healthcare ransomware attack, highlights the impact of human mistakes. Attackers gained access to the company’s network by exploiting an employee’s stolen credentials, obtained through a phishing email. This single act of negligence led to a significant security breach, underscoring the persistent challenge of insider threats and credential misuse.

The report also found that nearly half (43%) of security leaders observed an increase in internal threats—caused by compromised, careless, or negligent employees—in the past year. Worryingly, 66% expect data loss incidents involving insiders to rise even further in the coming year, making human risk a growing concern for organizations worldwide.

The High Cost of Human Error

Mistakes are not just disruptive; they are expensive. Organizations impacted by insider-driven security breaches reported an average cost of $13.9 million per incident. These costs stem from regulatory fines, operational disruptions, legal liabilities, and reputational damage.

Many companies recognize the risks and have invested in employee cybersecurity training. According to the report, 87% of organizations conduct cyber-awareness training at least once per quarter. Yet, despite these efforts, human error remains a significant concern. Over a third (33%) of security leaders fear that employees still make mistakes when handling email-based threats, while 27% believe that fatigue and complacency are leading to dangerous lapses in vigilance.

AI: A Double-Edged Sword in Cybersecurity

To counter these threats, organizations are increasingly relying on artificial intelligence (AI). The study found that 95% of companies are leveraging AI-powered solutions to defend against cyber-attacks and insider threats. These tools help detect anomalies, flag phishing attempts, and mitigate risks posed by negligent or compromised employees.

However, AI-driven threats are also on the rise. More than half (55%) of security leaders admitted that their organizations are unprepared for sophisticated cyber-attacks powered by AI. Additionally, 81% expressed concern about the risk of sensitive data leaks through generative AI (GenAI) tools, which can be exploited by both insiders and external threat actors.

The Expanding Attack Surface: Collaboration Tools at Risk

While companies are increasing their cybersecurity budgets—85% reported an increase in spending over the past 12 months—many organizations still face gaps in protection. Nearly 57% of security leaders say more resources are needed for hiring cybersecurity staff and investing in third-party services. Other priority areas include enhancing security for collaboration tools (52%) and email security (47%).

Collaboration tools such as Slack, Zoom, and Microsoft Teams, designed to improve workplace efficiency, have also introduced new security risks. The study found that 79% of security professionals believe these tools expand the attack surface, creating additional security vulnerabilities. Nearly half (44%) of respondents reported a rise in cyber threats targeting collaboration tools in the past year, while 61% believe a major security incident involving these platforms is inevitable by 2025.

Strengthening the Human Firewall

While AI and security solutions continue to evolve, they cannot fully compensate for lapses in human judgment. Organizations must adopt a multi-layered approach—combining advanced security tools, robust training programs, and a culture of cybersecurity awareness—to mitigate risks posed by insider threats.

In the digital age, even a single careless click can bring down an entire enterprise.