These breaches don’t hit the news cycle in the same way, but they are a lot more common, and they’re just stupid, careless mistakes for the most part.
“Some 2,124 reports could be attributed to human error, compared to just 292 that were deliberate cyber incidents, Kroll said, with the most common types of incidents being confidential data being emailed to the incorrect recipient (447 incidents), loss or theft of paperwork (438) and data left in an insecure location (164).”
Let me just state that, IMHO, these will continue, and always be more frequent, for two reasons.
1. We’re human; mistakes will happen.
2. Hardly anyone has to deal with any consequences for the kinds of behaviors that lead to this.
Think about it: when was the last time someone outside of the government got fired for using Dropbox when they shouldn’t have? Or for keeping a copy of data that should have been deleted? For emailing data that should be encrypted? Printing confidential information and being careless with it?
Yeah, it may happen when it leads to a breach, but if they weren’t doing it to start with, the breach wouldn’t have happened. Remember, you get more of what you measure. Do we even measure whether people are following the proper policies and procedures as part of their normal evaluation process? If not, why would they take it seriously?
We’ve allowed people to be careless; we shouldn’t act surprised when that carelessness leads to a breach.