Top 5 Reasons why Data Breaches Happen

Unpatched vulns, human errors, malware… All covered in here!

November 10th, 2020 - Blog post

Top 5 Reasons why Data Breaches Happen

  1. Old, Unpatched Security Vulnerabilities
  2. Human Error
  3. Malware
  4. Insider Misuse
  5. Physical Theft of a Data-Carrying Device


Top 1: Old, Unpatched Security Vulnerabilities

There are numerous exploits recorded in websites like Exploit Database or Rapid 7’s Vulnerability & Exploit Database. Any person with malicious intent could launch a reconnaissance attack, detect unpatched systems and exploit them by using the tools loaded in websites like the ones I linked above. That’s why it’s so important to keep any system updated.

Top 2: Human Error

Statistically, more than the half of security breaches happen due to natural human error. We are not perfect and every individual of our species is different from each other. Some of the common human mistakes include:

  • Using weak passwords or reusing those leaked in other data breaches.
  • Sending sensitive data to wrong recipients.
  • Sharing account credentials; and
  • Falling for phishing scams.

An efficient way of stopping people from comitting these mistakes is training them to understand how they happen and how to prevent them.

Top 3: Malware

Every day, more sophisticated malware is developed. According to the Verizon DBIR 2015, “5 malware events occur every second”, and that was 5 years ago from the creation of this post.

A lot of automated scripts enter the group of these events, however black hat hackers modify many of the already released malware. This makes them unrecognisable to antivirus programs while producing the original intended damage.

Top 4: Insider Misuse

This is a closely related to human error, but with more of an insidious nature. This relates to intentious and deliberate abuse from a person inside a company for personal profit. It so mischievous in nature it’s very hard to find an insider within a company. It may be a fellow colleague who has been approached by a malicious actor in exchange of a reward or a ransom or somebody specifically infiltrated for this purpose.

Top 5: Physical Theft of a Data-Carrying Device

The digital realm will never be safe if a malicious actor can access to the physical devices, either stealing or gaining physical access to them. Opportunistic in nature, these attacks make very difficult the task of foreseeing them. Regular physical penetration tests help educating security employers to reduce the physical vulnerabilities a company may have.



Anon., 2020. - “Data Breach 101: Top 5 Reasons it Happens” [Online]
Available at: []
[Accessed 10 November 2020]

© 2022 Subtle Labs. All rights reserved. Made with love and coffee from somewhere near Edinburgh, UK.