Human Error’s Impact on Financial Services Security

By Paul Holland, CEO of Beyond Encryption


According to the Information Commissioner’s Office, in 2021 there were 9,758 recorded security incidents altogether, with only 2,759 of these being classified as cyber incidents. The remaining 6,999 were classed as non-cyber incidents, caused by human error, with the most frequent incident (1,637) being misfired emails.

Even phishing – a commonly known social engineering tactic that prays on human error and a lack of vigilance around cybersecurity – caused fewer incidents, with the ICO reporting 1,016 in 2021.

What does this mean? According to the data, it is 61% more likely for businesses to send an email containing sensitive data to the wrong recipient than to fall victim to a phishing attempt. On one hand, a case could be made that people are becoming more educated on phishing attacks, as 2021’s data does show a 12% drop in reported incidents compared to the previous financial year. On the other hand, it could be argued that a similar level of education needs to be made on the amount of outbound email-related data breaches.

Email is a powerful collaboration tool and is vital for businesses. However, it is also a major exit point for sensitive data. The average office worker is believed to send roughly 40 emails every day. Over the course of five days, this provides approximately 200 opportunities a week to inadvertently send data to the wrong recipient. In the case of the financial services industry, where organisations are routinely handling and transferring highly sensitive financial or personal information, this poses a significant problem. With 95% of cybersecurity breaches being caused by human error, it is clear that financial service organisations need to place much more focus on the human side of security.


Influence From the Pandemic

The COVID-19 pandemic has had a significant impact on the way that businesses approach security. In an office, an organisation can easily create a secure environment through firewalls, anti-virus solutions and a range of other network security measures that keeps office activity safe.

Working from home changes that. Businesses have to relinquish some of the control over the security measures they could put in place for employees, instead having to rely on their staff to remain vigilant towards cybersecurity. In an ideal world, that shouldn’t be an issue as long as staff have the correct training. According to research undertaken by the Aberdeen Group in 2019, security awareness training can reduce the risk of socially engineered cyber threats by up to 70%.

However, it is also important to understand the wellbeing impacts that the pandemic had on staff. Research has shown that between 2019 and 2020, there were an estimated 828,000 workers impacted by work-related stress, depression, or anxiety. Separately, Benenden Health found that 32.8% of people rate a heightened workload as the primary cause for workload stress and mental health issues.

Someone can receive all the training in the world, but if they are feeling stressed or anxious over an increased workload and a range of distractions caused by working from home, cybersecurity can quickly fall down the priority list for an employee. We don’t live in an ideal world, and as long as these challenges remain for employees, the risk of human error will persist.


Removing Human Error from Financial Services

The growing issue of human error must be tackled – both in the office and at home. In an industry that consistently handles high-value and sensitive financial transactions across a range of applications and identity checks, security must remain airtight at all times – especially within email communication.

Email can have a bad reputation. It is now considered one of the world’s most insecure mediums. Yet, it remains one of the most convenient and popular tools to communicate and share sensitive information, with the DMA(  reporting that the majority of individuals have held their current email address for over 10 years. Businesses need to utilise the right tools that can provide secure digital communications. By leveraging encrypted sensitive document delivery, organisations can have the freedom to exchange information confidently, cost-effectively and with full compliance.

Human error will never be eradicated completely. But financial services businesses can mitigate risk and achieve peace of mind by ensuring that their email communication is encrypted, with the ability to revoke user access if the email is sent to the wrong recipient.

Not only does this create a highly secure environment for employees in both the office and at home, but it creates a frictionless system that streamlines workflows. Important documents can be shared with colleagues or clients without fear, and without compromising privacy.


Explore more