89% of UK organisational cybersecurity risks are internal

The 2019 Security Report by Telstra surveyed over 1,300 professionals across 13 countries, and identified that employees are the biggest threat to an organisation’s cybersecurity.

One of the key findings was that 89% of the surveyed UK organisations stated they had been impacted by “unintentional human errors”, which had resulted in at least one incident of compromised security, integrity or availability of service.

Out of the 89%, 12% of British companies reported experiencing weekly occurrences, whilst 14% reported monthly occurrences and 22% experienced quarterly incidents.

Amongst the findings, the most concerning was that 25% of UK businesses had experienced security incidents due to intentional employee actions on a monthly basis, with 22% stating it occurred every six months.

Robert Robinson, Security Practice Lead at Company85, explained that companies are so focused on external threats that the threat posed by their employees is not acknowledged.

“While unintentional human error and malicious activity are not ‘traditional’ methods of attack, it is no surprise that these are some of the leading causes of business disruption. This is because so much investment goes towards preventing external threats, the risks posed by internal employees can often be underestimated.

“What organisations need to do is make sure that their cybersecurity investment is proportioned well enough to properly train, educate and review staff and internal processes to ensure human error and malicious threats can be minimised.”

It was also discovered that within UK organisations, 65% had suffered at least one security breach in the past year, which had resulted in a confirmed disclosure. 

Furthermore, it was uncovered that vulnerable unpatched systems and operational techniques such as video cameras are the most popular gateways for external attacks (89%), followed by malware attacks (88%), web application attacks, phishing attacks and operational technology attacks (86%).

The most popular methods of attack were business email compromises (82%), ransomware (79%), hacking (77%), identity theft (74%) and advanced persistent threat (APT) attacks (69%).

Robinson added:

“Conventional attacks should still be a huge worry for organisations as the research shows they are still incredibly widespread. To help prevent incapacitating external attacks, organisations must ensure they have effective, enterprise-grade solutions and systems that can help reduce the chances of an attack being successful and recovering from the attack should it breach the walls.”

