The next time your company finds itself the victim of a security breach, it would be natural if you got angry and wanted to blame whatever type of criminal hacker you think might have carried it out.
But if the findings of a new survey on security trends from CompTIA, a nonprofit trade organization for IT professionals, are any guide, the blame more than likely lies with the person in the mirror.
A survey of 400 tech professionals and senior executives at U.S.-based companies found that human error was the “leading contributor” in more than half — at least 52 percent — of security breaches, while technology failed less than half of the time — 48 percent.
Among the most common human errors: “Failure to follow policies and procedures” and “general carelessness,” which were both cited by 42 percent of companies surveyed.
And the worries about human error at these companies are increasing: More than a third — 39 percent — said that human error had become a more prevalent problem in security incidents during the previous two years, and that figure was slightly higher at the largest companies in the survey.
The obvious solution is to train employees to do better and try to reduce the kind of dumb mistakes that can give a criminal hacker a foot in the door. But here’s a surprise: Only 54 percent of companies in the survey require employees to go through any kind of security training. When the other 46 percent were asked why they don’t offer any training, a bunch of them — one in three — gave no specific reason.
This article originally appeared on Recode.net.