Expensive Mistakes: Data Loss Human Error Statistics

David Mezic

Chief Technology Officer @ Invenio IT

Data Loss Human Error Statistics That Will Cost You

Hurricanes, lightning strikes, fires, and floods—those are the disasters many people imagine when they think about business continuity and the potential causes of data loss. But what about data loss and human error? 

Think deleted files, misplaced spreadsheets, and important folders that suddenly vanish. They might not make for high-profile headlines, but these data loss events are actually more common and costly for most businesses. Worst of all, if you can’t retrieve your data, a simple mistake can quickly turn into a catastrophe.

In this post, we put together data loss human error statistics that show just how often the two go hand in hand. Perhaps more importantly, we draw on our extensive experience in data loss to offer guidance on the best ways to prevent it and recover from it.

Data Loss Human Error Statistics

Estimates of how much data loss results from human error can range anywhere from 20 to 95%. It’s a difficult number to pin down because organizations are often reluctant to admit when an internal mistake is to blame. 

 

According to Verizon’s 2024 Data Breach Investigations Report, 68% of data breaches over the prior year involved a non-malicious human element. That includes falling for phishing scams and making errors but doesn’t account for data loss due to incidents like unintentional deletions. 

 

Breaches and other data loss events often go unreported unless they’re discovered by an outside party. Consider this example. 

 

In February 2024, global network service provider Zenlayer accidentally made an internal database publicly available on the internet without any password protection. They exposed 380 million records in the process, including internal files and customer data. Zenlayer and the public only became aware of their mistake after cybersecurity researcher Jeremiah Fowler uncovered it. 

Common Causes of Data Loss Involving Human Error 

The specifics of Zenlayer’s case are fairly unusual, but inadvertent data exposure and loss aren’t. Accidental deletion, file overwrites, and social engineering attacks are the most common risks that increase the possibility of loss or failure from human error. Data is also often lost during large file migrations or in cases where devices are accidentally destroyed, such as when someone drops a laptop.

Let’s dig a little deeper into these incidents to understand how they happen and what you can do to prevent them.

1) Accidental File Deletion

According to a 2024 study, 74% of Americans who own a computer have accidentally deleted important data. In other words, the odds are good that someone—or multiple someones—in your organization will delete a vital file or folder at some point in the future. 

It’s an easy mistake to make. An employee might accidentally move an important file to the trash without realizing it. On the other hand, they might intentionally delete the file and only later discover that they needed it. 

Accidental deletion is also common when users move files and folders to a different location on the server. Sometimes the employee recognizes their mistake immediately, making it slightly easier to recover. Other times, it can be days or even weeks before the employee notices the files are missing. 

To make matters worse, the employee in question may not even remember the file name or when exactly they deleted it. This makes it even harder for IT administrators to locate it in a backup—assuming there is one.

The same issue exists for accidentally deleted emails, CRM records, and app data. At some point, all the critical and sensitive data that keeps your business running could wind up in the trash and permanently erased.

2) Social Engineering

Hackers who want to infiltrate your systems are banking on human error. They put together social engineering schemes in which they deceive users to gain access to other security systems or deliver malware that lays the groundwork for future cyberattacks. These are a few of their most popular methods. 

Malicious Emails

More often than not, social engineering starts with an email designed to trick the employee into believing it’s from a legitimate user or organization. In reality, these messages carry malicious attachments or links to malicious websites. 

For example, employees might receive a message identified as a receipt, invoice, or billing statement. When they unknowingly click these links or open the file attachments, their computers are infected with malware.

Advanced Social Engineering

More sophisticated social engineering attacks often use multiple layers of deception. For example, an email might be disguised as a notification to reset a password or view a file shared by a coworker on Google Drive. The message might even be personalized to include the coworker’s name. When the user clicks the link, it takes them to a secondary page that also looks legitimate. 

Unfortunately, the page is just the next step of the deception. Users unknowingly enter their credentials, which are sent directly to the attackers. When these types of attacks are used to deploy ransomware or other types of malware, they can cause permanent data loss.

AI and Social Engineering

A report from Positive Technologies shows that more than half of organizations experienced a data breach due to a social engineering attack in the third quarter of 2023. And the problem is only going to get worse. 

Experts expect that artificial intelligence (AI) will make it more difficult to identify these types of schemes because it helps eliminate some of the red flags that tip people off to the scam. For example, social engineering produced by generative AI is less likely to have obvious typos, spelling errors, and grammar mistakes. In addition, bad actors can use AI to scrape data from brands they’re trying to impersonate and create phishing content that reflects their tone, voice, and style.   

3) Mishandled Migrations

Anytime you move large amounts of data, there’s a risk of losing, overwriting, or accidentally deleting files. In worst-case scenarios, employees might replace entire folders and directories. Old data replaces newer versions of files, and bad data replaces the good.

Why does this happen?

In most cases, it comes down to a simple mistake caused by the person handling the migration, even though their intentions are likely good. Employees often perform migrations to reorganize or consolidate data storage or before deploying new software. If the user isn’t careful, they could botch the migration and destroy large swaths of data.

In some cases, the failed migration isn’t entirely the user’s fault, but human error almost always plays a part. 

4) Bad Integrations

Integrating third-party software requires skill and care, especially if it involves data migration. A misconfigured integration or compatibility issues increase the chances of data deletion.

Most often, these integration problems are due to human error because it’s the user’s responsibility to make sure the integration is viable before proceeding. For example, when adding new software, the user needs to confirm that the developers are reputable and that it’s compatible with current systems. They should also use testing environments to identify errors before performing a full rollout of the integration.

Keep in mind that human error isn’t always the culprit. Bugs in otherwise well-developed software could cause a botched integration resulting in data loss. Proper testing can help minimize this risk.

5) Other IT Errors

When it comes to data loss and human error, it’s not just the non-tech employees you need to worry about. IT folks make mistakes too, and the losses can be even greater.

When human errors cause an incident at a data center, that’s a whole different level of data loss that goes far beyond somebody simply deleting files by accident.

These incidents occur due to issues ranging from network misconfigurations to security vulnerabilities. Whether due to lack of knowledge or lack of morning coffee, mistakes can and do occur when managing IT systems, underscoring the importance of backing up your data.

Adding Ransomware to the Mix

Ransomware is the cybersecurity buzzword of the modern era, so you might be wondering how it ties in with data loss. 

It’s definitely worth discussing.

In 2023, small businesses in the United States paid more than $16,000 in ransoms, and only half recovered all their data. Attacks are happening with increasing regularity, with companies temporarily or permanently losing access to their data if they can’t restore from a backup. 

While those facts are frightening, there are two key points to remember about ransomware.

First, although a ransomware attack can indeed wreak havoc on your operations, it’s not the top cause of data loss. Day to day, it’s far more common for businesses to lose data because of human error.

The second and most critical fact is that human error is also the biggest cause of ransomware infections. Cybercriminals often deliver ransomware via spam and phishing emails. When employees don’t know what to look for and inadvertently click on links or open attachments, the ransomware infects their systems.

Preventing Data Loss Due to Human Error 

To err is human, but that doesn’t mean there’s no hope of protecting your data. These are some crucial strategies you can use to reduce the risk of data loss and minimize the size of the loss when it does occur: 

  • Employee training for basic network usage and computing: A little bit of training can go a long way, so make lessons on how to properly save, move, modify, and delete files on the company network part of your onboarding process. Educate employees on the risks of data loss and the importance of notifying administrators as quickly as possible after accidental file deletion.
  • Cybersecurity training: Whether it’s part of your overall computing training or a separate program, you should also educate all staff on safe practices for Internet and email use. To greatly reduce the risks of data loss caused by ransomware or other forms of malware, teach employees how to spot the telltale signs of a phishing email or other spam messages from unknown senders.
  • Cybersecurity software: No matter how well you train your employees, some phishing attempts and ransomware will inevitably slip through. Create a second line of defense by installing a reliable cybersecurity solution to detect and respond to any threats. 
  • Set stricter access controls: Limit user access to only the folders they need based on the approach of “least privilege.” While it won’t prevent accidental deletion within the user’s approved directories, it will prevent them from making mistakes in folders where they shouldn’t have access in the first place. As an added bonus, it could help prevent the infection from spreading outside the user’s approved directory in the event of a ransomware attack. 

No matter what you do to prevent data loss from human error, make sure your strategies and systems are clearly defined in a business continuity plan (BCP). This comprehensive document will serve as the basis for your continuity planning, identifying your unique risks and outlining the protocols for backup and recovery.

Even the most comprehensive BCP won’t prevent all instances of accidental data loss, but it can significantly lower the threat by ensuring that your business is adequately prepared.

Recovering Lost Data

When data loss inevitably occurs, you need a way to recover it as fast as possible. As soon as the clock starts ticking, the cost of downtime caused by data loss starts going up, sometimes reaching thousands or hundreds of thousands of dollars within a single hour. 

Speed is of the essence.

Whether a single file has gone missing or someone allowed ransomware to lock up all your data, these steps can help ensure a quick, painless recovery:

  • Back up your data: These days, no business should go without a strong data backup and disaster recovery system (BDR). Backing up your data regularly will ensure that you can recover any lost data, and that’s just as important for small businesses as for enormous enterprise companies.
  • Allow for multiple restore options: When somebody deletes a single file or even a few folders, your IT team shouldn’t need to revert back to a large, system-wide backup. On the other hand, when massive data loss has occurred, you should be able to restore everything by selecting the appropriate recovery point—make sure your BDR can do both.
  • Recover missing files faster: The software built into your BDR system is crucial. It will allow you to locate and restore deleted data in the shortest amount of time by showing you which files have been modified, deleted, or created between any two backups. 
  • Go hybrid: For greater assurance that your data is always recoverable, deploy a BDR system with hybrid technology, which stores your backups on-site and in the cloud. That means if somebody spills coffee all over your servers, you can still recover any destroyed data from the cloud.
  • Perform backups more often: If your last backup was 24 hours ago, then all the data you and your team created or modified since then is vulnerable to permanent destruction. Make sure you can perform backups as frequently as needed—such as every five minutes—to prevent a costly data loss or disruption. 
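
The comparison described under "Recover missing files faster", as an added example (not Invenio IT's or any BDR product's code): it classifies the differences between two backup manifests as created, deleted, modified or moved, and finds the newest backup that still holds a file when only part of its name is known. The manifest format (relative path mapped to a SHA-256 hash), the function names and the sample data are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path under root to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_manifests(old, new):
    """Classify changes between two manifests (path -> content hash)."""
    created = set(new) - set(old)
    deleted = set(old) - set(new)
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    # A deleted path whose content reappears under a new path is a move, not a loss.
    by_hash = {}
    for p in sorted(created):
        by_hash.setdefault(new[p], []).append(p)
    moved = []
    for p in sorted(deleted):
        if by_hash.get(old[p]):
            moved.append((p, by_hash[old[p]].pop(0)))
    created -= {dst for _, dst in moved}
    deleted -= {src for src, _ in moved}
    return {"created": sorted(created), "deleted": sorted(deleted),
            "modified": modified, "moved": moved}

def last_seen(snapshots, pattern):
    """Newest snapshot label holding each path that matches a glob pattern.

    snapshots is a list of (label, manifest) pairs ordered oldest to newest."""
    found = {}
    for label, manifest in snapshots:
        for path in fnmatch.filter(manifest, pattern):
            found[path] = label
    return found

# Constructed sample manifests (hash values shortened for readability).
MON = {"finance/q3.xlsx": "a1", "finance/payroll.csv": "b2", "hr/policy.docx": "c3"}
TUE = {"finance/q3.xlsx": "a9", "archive/payroll.csv": "b2", "hr/policy.docx": "c3",
       "hr/offer.docx": "d4"}
WED = {"finance/q3.xlsx": "a9", "archive/payroll.csv": "b2", "hr/offer.docx": "d4"}

if __name__ == "__main__":
    print(diff_manifests(MON, TUE))   # a move, an overwrite and a new file
    print(diff_manifests(TUE, WED))   # a true deletion
    print(last_seen([("mon", MON), ("tue", TUE), ("wed", WED)], "*policy*"))
```

Reporting a move separately keeps a reorganized folder from looking like a loss, and the `last_seen` lookup tells the administrator which recovery point to restore from when the user remembers only a fragment of the file name.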

If the worst has happened and you’re struggling to recover your lost data, don’t forget to make use of the resources available to you. A business continuity and data recovery specialist can help you find the best path forward so you minimize your loss and get up and running again before the situation escalates. 

Don’t Risk Permanent Data Loss From Human Error

When you’re dealing with critical files, apps, and emails, even a small mistake could have massive consequences. Don’t become part of the future’s data loss human error statistics. Deploy stronger backup systems now to protect your data and your business. 

Not sure which solution is right for you? Invenio IT has you covered. Schedule a call with one of our data specialists to learn more about your data backup options. No matter the size or focus of your organization, the Invenio IT team can help you find the best backup system for your business. 

Frequently Asked Questions

1) What is human error in information security?

In information security, human error refers to any action by an individual that inadvertently compromises sensitive data. Examples include users opening malicious email attachments, using weak passwords, or installing unauthorized software infected with malware.

In IT, it’s useful to distinguish human errors from system errors to identify the root cause of any vulnerabilities. Given the unpredictability of the human element, train users frequently in cybersecurity.

2) What is the most common cause of data loss?

Human error is often cited as the most common cause of data loss. A 2022 report by Verizon found that 82% of data breaches involved the human element. Other studies have found that human error accounts for 50 to 75% of data loss incidents at businesses, with some estimating as much as 95%. Other frequent causes include hardware failures, software corruption, malware, and theft.

3) Can cybersecurity prevent human error?

Cybersecurity measures can prevent some types of human error, but not all. For example, application whitelisting and Internet restrictions can stop users from inadvertently downloading malware. Stronger email filtering and firewalls can significantly reduce the number of deceptive messages that reach employees.

However, even with the best cybersecurity systems, mistakes still happen. That’s why it’s critical to have additional fail-safes in place, such as data backups and comprehensive threat detection tools like Field Effect’s Covalence. By exploring RocketCyber MDR pricing, businesses can invest in affordable, AI-driven solutions that monitor and respond to threats in real-time, adding an essential layer of protection in case of a major breach.
