{"id":27036,"date":"2026-03-24T07:00:10","date_gmt":"2026-03-24T06:00:10","guid":{"rendered":"https:\/\/smecyberinsights.co.uk\/?p=27036"},"modified":"2026-03-25T11:43:13","modified_gmt":"2026-03-25T10:43:13","slug":"human-v-hacker","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2026\/03\/24\/human-v-hacker\/","title":{"rendered":"SME cybersecurity: what ratio of human error versus cybercriminal in data breach losses?"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Partners7_Passware\"<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>
\"Detection.<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SME\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: SenivPetro via FreePik<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Gibraltar:\u00a0 Tuesday, 24 March 2026 \u2013 07:00 CET<\/p>\n

SME cybersecurity: what ratio of human error versus cybercriminal in data breach losses?
\n<\/strong>By: Iain Fraser<\/a>\u00a0\u2013\u00a0Cybersecurity Journalist
\n<\/a>Published in Collaboration with SECURUS Communications<\/a>
\nGoogle Indexed on: 240326 at 08:53 CET<\/a>
\nSMECyberInsights.co.uk<\/a> | First for SME Cybersecurity News
\n<\/a>#SMECyberInsights #SMECybersecurity #SMECyberInsights #SME #CyberSafe #CyberSecurity #Cybersecurity #Workforce<\/em><\/p>\n

\ufeff<\/span>\ufeff<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SME cybersecurity: what ratio of human error versus cybercriminal in data breach losses?<\/strong><\/p>\n

Most breaches start with a human mistake, but criminals drive the cost. Learn practical SME controls aligned to NCSC and Cyber Essentials.<\/p>\n

A finance team clicks one convincing email; six hours later you are locking down Microsoft 365, calling the bank, and trying to work out whether you must report to the ICO within 72 hours. For UK SMEs, the uncomfortable truth is this: losses are usually caused by cybercriminals, but incidents often start with human error<\/strong>.<\/p>\n

Verizon\u2019s 2024 Data Breach Investigations Report (DBIR) found the \u201chuman element\u201d featured in 68% of breaches<\/strong>. That does not mean 68% were \u201cstaff being careless\u201d; it includes people being tricked, people mis-sending data, and people making configuration mistakes that create openings. The attacker still chooses to exploit it; the cost still lands with the business.<\/p>\n

What does \u201chuman error\u201d mean in a breach, in plain English?<\/strong><\/p>\n

Human error is any people-related factor that enables a security incident. In SMEs, it typically looks like:<\/p>\n

* A misdirected email<\/strong> containing personal data, often to the wrong customer or supplier.
\n* A successful phishing message<\/strong> that captures a password or MFA code.
\n* A rushed admin change<\/strong>\u00a0such as disabling a security feature \u201ctemporarily\u201d, then forgetting.<\/p>\n

The ICO\u2019s incident trend reporting consistently shows accidental disclosure and misdirected communications as recurring themes in personal data incidents. These are not Hollywood hacks; they are everyday operational slip-ups that become UK GDPR headaches.<\/p>\n

What counts as \u201ccybercriminal activity\u201d, and why it dominates the losses?<\/strong><\/p>\n

Cybercriminal activity is the deliberate abuse of systems for money, disruption, or data theft. In SME terms, the big-ticket losses tend to come from:<\/p>\n

* Business email compromise (BEC)<\/strong> and invoice fraud; attackers redirect payments.
\n* Ransomware<\/strong>; operations stop, recovery costs spike, customers get nervous.
\n* Credential stuffing and account takeover<\/strong>; attackers reuse leaked passwords to get into cloud services.<\/p>\n

So, what is the ratio? A realistic working model for advisers is 70:30 in cause and effect<\/strong>:<\/p>\n

* Cause (entry point):<\/strong> often human-enabled (phishing, mis-send, misconfiguration).
\n* Effect (financial loss):<\/strong>\u00a0largely criminal-driven (fraud, extortion, resale of data).<\/p>\n

It is not a clean split because the same incident can include both; a staff member is phished (human element), then the criminal exfiltrate’s data and extorts you (criminal action).<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"SME\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

What controls reduce both human error and criminal impact quickly?<\/strong><\/p>\n

These are high-impact steps that do not require a full security team.<\/p>\n

1. Put MFA on email and finance tools first<\/strong>; prioritise Microsoft 365, Google Workspace, Xero, QuickBooks, banking portals. This blocks a large share of credential-based attacks.<\/p>\n

2. Stop shared admin accounts<\/strong>; create named admin accounts, use least privilege, and review access monthly. This aligns directly with Cyber Essentials user access control expectations.<\/p>\n

3. Add an \u201cout-of-band\u201d payment check<\/strong>; if bank details change, verify via a known phone number, not the email thread. This is the cheapest BEC control you will ever buy.<\/p>\n

4. Harden email against spoofing<\/strong>; implement SPF, DKIM, and DMARC with monitoring. It reduces impersonation risk and improves signal for staff.<\/p>\n

5. Make backups boring and reliable<\/strong>; keep one copy offline or logically isolated, then test a restore quarterly. Ransomware prevention UK is not just stopping infection; it is making recovery predictable.<\/p>\n

6. Write a one-page incident response plan<\/strong>; include insurer, IT, bank, legal counsel, and decision points. NCSC phishing guidance helps structure practical defences without killing productivity.<\/p>\n

Why advisers should anchor this to UK frameworks and regulators<\/strong><\/p>\n

Cyber Essentials gives SMEs a clear baseline across five technical control areas, and it maps well to insurer underwriting questions. UK GDPR requires \u201cappropriate technical and organisational measures\u201d, and the ICO will expect you to evidence them after an incident. For more mature clients, NIST Cybersecurity Framework language can help structure governance; keep it outcome-led, not paperwork-led.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SECURUS Communications Ltd<\/strong><\/p>\n

Securus<\/a> <\/strong>is a managed communications Operator, providing next-generation network infrastructure and value added services to Managed Hosting providers and the ‘cloud generation’\u200b of enterprises. Securus<\/a> <\/strong>priority is to offer communication services that represent excellent value for money and are backed by exceptional levels of support.<\/p>\n

Contact Securus<\/strong>
\nSecurus Communications Ltd
\nStation Road, Landmark house, Hook, England RG27 9HA, GB
\nT: Enquiries:\u00a003451 283457<\/span><\/a>\u00a0| Service Desk: 03451 283458<\/a>
\nSecurus on LinkedIn<\/a> | Securus on “X”<\/a> | https:\/\/securuscomms.com<\/a><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t

\n\t\t\t\t\t<\/span>\n\t\t\t\t\tLatest Posts from SECURUS Communications<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t<\/h2>\n\t\t\t<\/div>
\n\n
\n
\n\n
\n \n \n \"AI-Powered <\/a>\n\n \n