Ever Wondered How Hackers Get In?

Ever Wondered How Hackers Get In?

No matter how hard we might try to do things the right way, mistakes happen. Unfortunately, within the context of cybersecurity, hackers exploit human error to breach virtual systems.

In 2022, the World Economic Forum estimated that 95 percent of cyber breaches were due to human error.

We’ve all seen the headlines about how cyber breaches can cost large companies millions of dollars and impact individuals’ privacy, but smaller businesses are just as vulnerable to cyber breaches. With cyber breaches costing thousands to millions of dollars and threatening the viability of organizations globally, understanding the relationship between human behavior and cyber breaches can help businesses minimize the risk employees pose to their cybersecurity posture.

Defining human error in the context of cybersecurity

In a cybersecurity context, human error refers to unintentional actions or a lack of action by individuals which creates, allows, causes, or spreads a cybersecurity breach. We can categorize the wide swath of human error into two general buckets: skill-based errors and decision-based errors.

  • Skill Based Error

          Skill-based errors occur when a person knows the correct course of action, but fails to follow it due to a temporary lapse in judgement or negligence.

          An example of this is when someone has been trained to identify phishing, but for some reason still clicks on a phishing email which might lead to breach.

  • Decision-Based Error

         Decision-based errors refer to actions that don’t achieve their intended outcome due to a lack of knowledge, or situations in which a person misclassifies a situation because they don’t understand the risk at hand.

         For example, an employee might upload sensitive information to a publicly accessible database because they’ve assumed that the Cloud was protected when it wasn’t.

The connection between human error & cybersecurity incidents

Here are some common situations in which human error creates cybersecurity vulnerabilities for businesses:

  • Using weak passwords & reusing old passwords
  • Failing to patch or update software in a timely manner
  • Leaving laptop open or sensitive documents unattended
  • Clicking on a phishing email
  • Sending confidential, sensitive information to the wrong person
  • Accidentally approving false authentication attempts
  • Misconfiguring security controls
  • Downloading & using unauthorized software
  • Providing employees access to systems they don’t need to access
  • Connecting to a public wi-fi network or an unsecured network while working remotely

Addressing the role of people in cyber breaches

One of the best ways you can address the human element in your organization’s cybersecurity is to address a lack of knowledge with training. Incentivize the completion of training, educate your employees about best practices, and include attack simulations in your training efforts. Make use of interactive training models to ensure that employees engage with the necessary information to reduce the likelihood of a cyber event happening. And it isn’t enough to just train your employees once. Regularly educate them regarding best practices and how an evolving cyber security threat landscape overlaps with the work they do and the virtual systems they use.

In addition to training employees, it is recommended to implement the following measures to help improve your organization’s cybersecurity:

  • Multi-Factor Authentication (MFA) for all users
  • Employ a password manager across your user base
  • A principle of least privilege policy
  • Use a Virtual Private Network (VPN)
  • Secure Remote Desktop Protocol (RDP)
  • Encrypted backups
  • Removal of end-of-life (EOL) and end-of-service life (EOSL) devices and software
  • Endpoint detection & response (EDR) solution to monitor and stop suspicious activity
  • Enable and analyze logs for your devices and digital landscape
  • Patch management program
  • Have an incident response plan and continually test it

How your broker can help you

In addition to finding and placing coverage, we can also connect you to valuable resources, including cyber security training for your employees, so that you can stay ahead of malicious actors should they choose to strike.

Because we know that situations can go awry even when we take preventive measures, it’s important for you to have cyber insurance in place for your business. In the event of a cyber breach, cyber insurance provides critical financial protection that can mean the difference between having to close your operations or stay afloat.


Connect with our team today to learn more about how we can help you get the cyber coverage you need.

This material has been prepared for informational purposes only. BRP Group, Inc. and its affiliates, do not provide tax, legal or accounting advice. Please consult with your own tax, legal or accounting professionals before engaging in any transaction.

Comments are closed.

Table of Contents

Recents Post
June Pulse
June 2024 The Pulse Newsletter
Golf cc hospitality state of the market
Hospitality, Golf, and Country Club Market Update
Heat Related webpage
Heat Illness and Workers' Safety Precautions

This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. Baldwin Risk Partners, LLC (“BRP”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. BRP does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, BRP does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.

Baldwin Risk Partners, LLC offers insurance services through one or more of its insurance licensed entities. Each of the entities may be known by one or more of the logos displayed; all insurance commerce is only conducted through BRP insurance licensed entities. This material is not an offer to sell insurance.

Get in contact with an advisor today to see how BKS can support you.