23.2 million cyber security victim accounts worldwide used “123456” as password

Security awareness training addresses the most prevalent cause of cyber security breaches: human error

As we all know, data breaches continue to make headlines around the world. But did you know that:

  • Yahoo holds the record for the largest data breach ever with 3 billion accounts compromised.
  • An insider attack cost Boeing $2 billion and persisted for 30 years.
  • The privacy of 500 million Marriott customers was compromised, including banking data.
  • Data from 110 million Target customers was hijacked, including the banking and personal data of 40 million customers.

And it is not just large organizations that fall victim to data breaches. In fact, almost half of all cyber attacks are directed at small businesses. Could your organization be at risk? Regardless of the type or amount of your data, there is likely someone out there who is trying to steal it. And no matter what defensive security measures you put in place, attackers are often able to circumvent them, as these statistics demonstrate:

  • Worldwide, a cyber attack occurs every 39 seconds.
  • In 2018, in the US alone, 1,244 data breaches occurred and netted 446.5 million exposed records.
  • The average time to identify a breach across all industries is 197 days.
  • Once identified, the average time to contain a breach across all industries is 69 days.
  • 1 in 10 attack groups use malware to disrupt business operations.
  • 93% of malware is spread through email.
  • The average total cost of a data breach is $3.86 million. No surprise then that 60% of small businesses fold within 6 months of a cyber attack.

What causes cyber attacks, and what can organizations do to protect themselves? As a start, review your password policy. Shockingly, the first National Cyber Security Centre ‘UK cyber survey’ breach analysis found that 23.2 million victim accounts worldwide used “123456” as the password!

Put another way, human error is by far the most prevalent cause of security breaches. According to industry statistics, human error accounts for about 95% of all data breaches, including via phishing attacks, viruses, malware, poor passwords, social engineering, and ransomware.

Everyone is at risk. As highlighted in the Verizon 2019 Data Breach Investigations Report, “C-level executives are twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past.” Yet, only 20% of businesses invest in cyber training for their staff to mitigate this risk.

For such training to be effective and efficient, it needs to be relevant to the industry and adapted to organizational processes and employee know-how. One of our fastest growing portfolio companies, Hut Six, addresses this need by providing customizable, cloud-based information security awareness training. Customization is key to ensure users are engaged and committed. Headquartered in the United Kingdom, Hut Six is entering international channel partnerships to scale globally and to develop alternate language offerings of their SaaS platform that is used to train, test, and track security awareness worldwide. The Hut Six solution enables organizations to keep employees up to date on the most recent security developments, including GDPR, the General Data Protection Regulation, which dictates how companies must protect the personal data of all EU citizens.

Hackers are getting more sophisticated and effective, data sources and opportunities for attacks are on the rise, and the resulting data breaches are getting bigger. These increases are driving security budgets around the globe. According to Gartner, worldwide information security spending will exceed $124 Billion in 2019.

However, the question remains: What is being done to solve the most prevalent and easily-addressed cause of security breaches, human error? Visit the Hut Six website to learn more about how to create a secure culture with customized security eLearning.


Wesley Clover invests in a range of technology companies, and they bring impressive innovation to markets and clients around the globe. I/O is our way of sharing some of the best insights. I trust you will enjoy them.

Terry Matthews, Chairman