Skip navigation Jump to main navigation

Accounting for the Human Element of Cyber Risk

It’s human nature to make mistakes. Particularly when people are tired and overworked, mistakes happen more often. James Bone, a lecturer for the Master of Science in Enterprise Risk Management program at Columbia University’s School of Professional Studies, said human error is especially a problem when it comes to managing cyber exposures. Most surveys on the topic point to people as the root cause of breaches, which begs the question of whether professionals are considering the “human element” in their cyber risk management plan. In the Information Commissioner’s Office’s first quarterly report of 2018, the top five causes involved some element of human error:

  1. Loss or theft of paperwork (91 incidents)

  2. Data posted or faxed to incorrect recipient (90 incidents)

  3. Data sent by email to incorrect recipient (33 incidents)

  4. Insecure web page (including hacking) (21 incidents)

  5. Loss or theft of unencrypted device (28 incidents)

Because of this, Bone urges creation of a cognitive risk framework, the purpose of which is “to begin to educate risk professionals about the need to incorporate the human element into their risk programs, to identify areas where human error or lapses can cause significant damage, and then design effective solutions,” he says.

Read the full story at Risk Management Monitor