forbes.com
Human Error Now Leading Cause of Cyber Incidents, Costing Millions
The shift to hybrid work and cloud computing has made human error the leading cause of cyber incidents, costing U.S. companies an average of $10.22 million per breach in 2025, potentially leading to business closure for smaller firms.
- How has the shift to hybrid work and cloud computing expanded the attack surface for cybercriminals?
- The decentralized nature of hybrid work expands the attack surface. Employees using various personal and corporate devices on unsecured networks create numerous entry points for malware and data breaches. This is exacerbated by the frequent switching between devices, each introducing further risk.
- What proactive measures can organizations take to mitigate the risk of human error in cybersecurity?
- Organizations should implement proactive measures such as regular phishing simulations, mandatory multi-factor authentication, and the provision of password managers. These steps enhance user awareness and improve security practices to reduce vulnerabilities and prevent unauthorized access.
- What is the primary cause of the increase in cyber incidents, and what are its immediate consequences?
- Human error, due to factors like carelessness and risky habits in hybrid work environments, is the leading cause. This results in significantly increased costs for businesses, with breaches averaging \$10.22 million in 2025 for U.S. companies, potentially leading to the closure of smaller businesses.
Cognitive Concepts
Framing Bias
The article frames cybersecurity threats primarily through the lens of individual user error, emphasizing the human element over technological vulnerabilities. While acknowledging technological advancements, the narrative consistently highlights human carelessness as the main cause of breaches. This framing might inadvertently downplay the role of sophisticated cyberattacks or systemic security weaknesses within organizations. For example, the headline "Beyond The Firewall Employees are now the network's edge" positions employees as the primary security risk.
Language Bias
The language used is generally neutral but leans towards emphasizing the threat posed by human error. Phrases like "carelessness," "rushing," and "clicking without thinking" carry negative connotations and subtly reinforce the idea of individual blame. While not overtly biased, the repeated focus on individual shortcomings could overshadow other contributing factors. For example, instead of 'careless action', a more neutral term would be 'unintentional user action'.
Bias by Omission
The analysis omits discussion of the role of sophisticated cyberattacks, focusing heavily on individual user error. While human error is a significant factor, neglecting advanced persistent threats or systemic vulnerabilities presents an incomplete picture of the cybersecurity landscape. The lack of discussion on organizational security measures beyond MFA and password managers also limits a comprehensive view. Furthermore, there is no mention of the legal and regulatory responsibilities involved in data breaches.
False Dichotomy
The article presents a false dichotomy by implying that cybersecurity is solely about protecting users from themselves versus sophisticated technical defenses. It oversimplifies a complex issue by focusing heavily on individual actions while minimizing the importance of robust technological security measures and proactive threat management strategies. The narrative subtly suggests a choice between individual responsibility and technological solutions, neglecting the crucial interplay between these elements.
Sustainable Development Goals
The article highlights that the cost of a data breach can be significantly higher for smaller businesses, potentially exacerbating existing economic inequalities. By promoting better cybersecurity practices, businesses of all sizes can mitigate this risk, contributing to a more level playing field and reducing economic disparity. Improved cybersecurity can lead to greater economic stability and resilience, particularly beneficial for smaller companies that are more vulnerable to financial shocks from cyberattacks.