Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Common Causes of a Data Breach

Data breach

about the author

Here are some of the most common causes of a data breach and, importantly, how to prevent them.

In 2021 22 billion data records were breached. Those data records included login credentials, personal data, sensitive company information, and financial information. The data likely ended up on dark web marketplaces for sale to the broader cybercriminal community.

A hacker can use stolen data to carry out cyber attacks, including identity theft, Business Email Compromise (BEC) and ransomware infection. Data is the foundation stone of the tsunami of cybercrime the world is witness to; without access to personal data, cybercriminals would be cut off from the $1.5 trillion revenue they made in 2019.

Here are some of the most common causes of a data breach and, importantly, how to prevent them.

The Four Most Common Causes of a Data Breach

The Data Breach Investigations Report (DBIR) is an annual review of the state of play in the cyber security landscape. The 2022 DBIR identifies ​​four key ways that cybercriminals “enter your real estate”: Credentials, Phishing, Exploiting vulnerabilities, and Botnets.


According to the 2022 DBIR, there has been a 30% increase in stolen credentials since 2017. If a cybercriminal gets hold of a set of login credentials, for example, username and password, you may as well hand over your company data and bank account.

Even the login credentials of employees without privileges to servers and sensitive areas of the network can still open the door to your castle. These credentials are used to escalate privileges to get access to sensitive network areas and applications: this is known as lateral movement.

Behaviours such as password sharing and reusing passwords across multiple accounts also put login credentials at risk: a Google survey found that 52% of people reuse passwords for multiple accounts.

Phishing is a high-risk area that leads to credential theft and, ultimately a data breach:


The number one best way to steal personal data is by phishing for it. In all its forms, including email phishing, spear-phishing, Smishing, and Vishing, this social engineering mechanism is the best way for a cybercriminal to begin the process that leads to a data breach.

The 2022 DBIR shows that phishing remains the top social engineering variety. This is because email phishing is a direct way into an organisation; if a phishing email lands in an employee’s inbox, unless they know what they are dealing with, the next step is credential theft and/or malware infection. Even ransomware, which used to be exclusively about financial extortion, is now used to steal data. It is all about the data.

In addition, using multiple authentication factors (MFA/2FA) is also no longer protection against credential and data theft via phishing. Cybercriminals, ever-inventive, are now finding novel ways to bypass second-factor authentication.

Exploiting Vulnerabilities

Phishing and credential theft often exploit vulnerabilities that lead to data theft. Software vulnerabilities are common. CVE Details keep a record and database of vulnerabilities: in 2021, CVE Details recorded over 20,000 vulnerabilities; each has the potential to allow a hacker to exploit the flaw and take over an application. The goal is to use this exploit to access network parts that will enable the hacker to install malware or exfiltrate data.


SpamHaus recorded a 23% increase in botnet activity in Q4 2021. The word botnet describes a set of devices infected with malware used as a group to carry out attacks. A malicious actor, a Botherder, controls these computers/laptops.

The Botherder uses these devices to carry out cyber attacks on a target, including sending out phishing emails, malware, and/or carrying out a Denial-of-Service attack. All of which can become part of a broader goal of stealing data.

Here Are the Best Ways to Prevent a Data Breach

One key takeaway from the 2022 DBIR is that 82% of breaches involve the human element. Furthermore, the report says, “people continue to play a very large role in incidents and breaches alike.” Focusing your efforts on changing this metric is the best way to combat data breaches.

Here are some of the best ways to do that:

Train Your Employees About Information Security Tactics

Security Awareness Training is still the best way to prevent a cyber attack that relies on manipulating human behaviour. However, this form of employee education is not just to train employees about the cybercriminal element of data breaches.

Security awareness is also about improving general security behaviours such as sharing and reusing passwords. Effective training packages will include all aspects of security issues in an organisation and educate employees regularly to improve their general security behaviour.

Carry Out Phishing Simulations

Phishing simulations are a great way to build an employee’s knowledge of how phishing works. The use of phishing simulation exercises is vital, as cybercriminals increasingly use sophisticated email phishing methods and target specific roles in an organisation.

Phishing simulation providers offer templates to create your phishing simulations based on the type of email phishing that puts your company at risk. In addition, advanced phishing simulation platforms will provide a central console to manage the training and deliver metrics that help tailor the exercises.

Encourage Reporting of Data Breach Incidents

Employees should be encouraged to report security incidents. In doing so, organisations foster a security-first culture that facilitates collaboration against cybercrime. A security culture that emphasises open reporting and that makes reporting incidents easy allows your IT team to help prevent an incident from becoming a full-blown security event.

Use a Password Manager

Credential theft is common because passwords are commonly used for logging in to applications. Because people must remember so many passwords, they end up using the same one over and over. The most common password is 123456. Using a password manager is an effective way to help prevent password fatigue and encourage good password hygiene.

Patch Your Systems

Vulnerabilities are only exploitable if they exist. So, make sure to update and apply security patches as they become available. If this feels like a mammoth task, look for a centralised mechanism that can automate patching.

In positive news, 37 billion data records were breached in 2020. So, the 22 billion breached records in 2021 show progress. This drop-in number is unlikely to be down to cybercriminals taking a few days off work. More likely, this is because organisations are taking note and implementing measures to prevent breaches.

In fact, the 2022 DBIR reiterated this: “no organisation is safe without a plan to handle them all.” A company can create a more secure environment and prevent data breaches by working collaboratively and using security education.

The Common Causes of a Data Breach

you might enjoy reading these