HomeIntelligenceBrief
BREACH BRIEF⚪ Informational Advisory

Study Finds Poor Processes and Organizational Culture Drive Majority of Data Breaches

Dark Reading reports that weak internal processes and a deficient security culture are the leading causes of data breaches across sectors, underscoring the need for TPRM programs to evaluate governance and cultural maturity alongside technical controls.

LiveThreat™ Intelligence · 📅 May 21, 2026· 📰 darkreading.com
Severity
Informational
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
darkreading.com

Study Finds Poor Processes and Organizational Culture Drive Majority of Data Breaches

What Happened — A recent Dark Reading analysis shows that inadequate internal processes and weak security culture remain the top drivers of data‑breach incidents, even as state‑level cyber‑hygiene laws expand. The study reviewed breach reports across multiple sectors and concluded that technical controls alone cannot compensate for governance and cultural deficiencies.

Why It Matters for TPRM

  • Vendor risk programs must assess not only technology stacks but also the maturity of a partner’s security processes and cultural posture.
  • Governance gaps in a third‑party can cascade into indirect exposure for your organization.
  • Compliance checklists that ignore human‑factor risks may give a false sense of security.

Who Is Affected — All industry verticals that outsource data handling, with heightened relevance for finance, healthcare, SaaS, and cloud‑service providers.

Recommended Actions — Add process‑maturity and security‑culture questionnaires to your vendor due‑diligence, request evidence of security‑awareness training and incident‑response playbooks, and schedule periodic governance audits of critical suppliers.

Technical Notes — The report cites lack of formal change‑management, insufficient employee training, and poor incident‑response planning as primary attack vectors. No specific CVEs, malware families, or technical exploits were identified. Source: Dark Reading

📰 Original Source
https://www.darkreading.com/cyberattacks-data-breaches/processes-and-culture-top-reasons-behind-data-breaches

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →