Whitepaper: Are Humans The Weakest Link In Cybersecurity?
The next time your enterprise data is compromised, don’t blame your security software, blame your employees, according to Nuix SVP of Cybersecurity Chris Pogue.
While this may seem particularly harsh, Nuix Senior Vice President of Cybersecurity Chris Pogue said human error is at the heart of all major security breaches. The verdict is the result of a new whitepaper that encourages companies to address the human component of cybersecurity before looking to technology to protect their assets.
“In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it or not, people are the problem,” said Pogue, in a statement.
In the white paper, Nuix addresses five cognitive biases that are believed to cause people to make poor decisions when it comes to cybersecurity, including what Pogue calls “bugs in our brain software.” The study also looks at how other industries are working to change their employees’ bad habits and how these same practices can be applied to enterprise security, according to the official press release.
“Do we have what it takes to outsmart our own brains and stop ourselves from repeating the mistakes of the past?” said Pogue. “Hopefully we can set ourselves up for the next 20 years, get serious about security, address the real human vulnerability, and start reclaiming surrendered ground.”
Pogue’s conclusion that people, and not tech, are the real problem in cybersecurity breaches is not as far-fetched as it may initially seem. After all, the infamous Target breach two years ago was the result of a phishing email opened by a third-party employee, which resulted in the theft of credit card and personal information for up to 70 million shoppers. Additionally, a recent study from Cybrary found that a lack of required professional skills is hampering companies’ ability to deliver effective cybersecurity.
Recent research attributes these inconsistencies in human behavior to a lack of training at the college level: another study from CloudPassage found that none of the top 10 U.S. computer science programs requires any form of cybersecurity training before graduation. The human factor in cybersecurity breaches even applies to those with the training and expertise to protect themselves: according to CompTIA, even well-educated IT employees exhibit sloppy behaviors that can lead to data breaches.
So what can channel partners do to help customers protect their critical assets? Having a discussion with customers about their particular set of needs is one way to help mitigate risk, according to CompTIA’s Seth Robinson.