Analysis of published public sector information security incidents and breaches to establish the proportions of human error

The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.