The psychology of human error

11 October, 2021

To err is human, but some mistakes can have major consequences for yourself and your organisation.

There are lots of different reasons why a person might make an error in the workplace, such as tiredness, being distracted by other tasks or, in some situations, a lack of knowledge.

Independent studies have revealed that 88% of data breaches are due to human error. As such, reducing human error is an area of vital importance for every company.

A simple error can end up costing a company a significant amount of money in fines and compensation, as well as potentially irreparable damage to the company's reputation.

To better understand the reasons behind the errors, we looked at a report by Professor Jeff Hancock of Stanford University. The study identified that almost half of employees surveyed believed they had made a mistake at work that led to security repercussions.

Here’s what it found:

Younger employees more likely to admit to errors

The report revealed that younger employees were 5x more likely to admit to errors that compromised security.

The report found 50% of 18-30-year-olds admitted to mistakes, while just 10% of over 50s owned up to making mistakes. Professor Hancock’s view on these figures is that younger people are more likely to admit to mistakes, rather than this being representative of which age groups are making the most mistakes.

He referred to the added importance of a positive reporting culture for older generations, to reduce the shame of admitting to mistakes. That shame can be a high risk for companies, as people who admit to errors are more likely to learn from them.

Men click phishing emails with greater regularity

Another very interesting insight was that 25% of employees in the studies had clicked on a phishing scam link, with men more likely (34%) to click a link than women (17%).

The report found that older employees claimed to be the least susceptible to phishing scams but that they actually had less knowledge of what a phishing scam was.

Tech companies are at increased risk of phishing

When looking at which companies' employees were most likely to click on phishing email scams, fast-paced tech companies were the most fallible. While this might surprise some people, given that this sector is the most tech-savvy, one plausible reason is that tech employees are usually expected to work at a fast pace, answering emails as quickly as possible.

This pace of working, rather than knowledge or age, is more likely to be the key reason for this sector being the worst for falling for scams. Instead of carefully reading through emails and having time to consider the best course of action, employees often felt pressure to quickly deal with enquiries, without giving adequate consideration to potential risks.

Tailored training is vital

Professor Hancock’s strong recommendation, based on his findings, is to tailor training to reduce human risk across organisations.

Our flagship training programme, Bob’s Culture, tailors not only the course rollout around the personalities and thought processes of the people in your organisation, but also the phishing training delivered.

The key is our unique Human Vulnerability Assessment, an anonymised questionnaire answered by your whole organisation which ensures the training you complete is relevant and necessary to reduce your risk of breaches.

Want to find out more about Bob’s Culture? Click here.
