IT Security Guru

DATA BREACH REPORTS TO INFORMATION COMMISSIONER INCREASE BY 75%

by The Gurus
September 3, 2018
in Editor's News

The number of reports of data security incidents received by the Information Commissioner (“ICO”) has increased by 75 per cent over the past two years, according to new analysis by Kroll, a global leader in risk mitigation and investigative services.

The findings, obtained from a request made under the Freedom of Information Act and analysis of publicly available ICO data, reveal details of data breaches which have compromised a broad range of individuals’ personal data, including health or clinical information, financial details, employment details and criminal records or endorsements.

Kroll says the increase in reports indicates that organisations have been gearing up for a new era of transparency around data breaches under the General Data Protection Regulation (“GDPR”), which came into force in May. Kroll expects both the number of reports and value of fines issued to increase significantly under the new regulation, creating much greater regulatory and reputational risks for businesses.

Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice, explained: “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK. The recent rise in the number of reports is probably due to organisations’ gearing up for the GDPR as much as an increase in incidents. Now that the regulation is in force, we would expect to see a significant surge in the number of incidents reported as the GDPR imposes a duty on all organisations to report certain types of personal data breach.

“We would also expect to see an increase in the value of penalties issued as the maximum possible fine has risen from £500,000 to €20 million or 4 per cent of annual turnover, whichever is higher. The ultimate impact is that businesses face not only a much greater financial risk around personal data, but also a heightened reputational risk.”

Human error risk versus hacker risk

Kroll’s analysis reveals that the data breach risks posed by human error are at least as great as those from cyber attacks. In the past year, of the incidents where the type of breach is specified, 2,124 reports could be attributed to human error, compared to just 292 that were deliberate cyber incidents.

The most common types of incidents due to human error include data being emailed to the incorrect recipient (447 incidents), loss or theft of paperwork (438) and data left in an insecure location (164). The loss or theft of unencrypted devices (133) is another common reason for data breach reports.

Of the deliberate cyber incidents reported, specific circumstances logged include unauthorised access (102), malware (53), phishing attacks (51) and ransomware (33).

Andrew Beckett noted: “Effective cyber security is not just about technology. Often, companies buy the latest software to protect themselves from hackers, but fail to instigate the data management processes and education of employees required to mitigate the risks. The majority of data breaches, and even many cyber attacks, could be prevented by human vigilance or the implementation of relatively simple security procedures.”

Sectors submitting the most data breach reports

The health sector is responsible for the highest number of reported data security incidents over the past financial year (1,214), a 41 per cent increase over two years. This is followed by general business (362), education and childcare (354) and local government (328).

Kroll says the health sector is top of the list partially due to mandatory reporting requirements that only applied to certain sectors pre-GDPR, but under the new regulation the firm expects to see a much broader spread of business sectors reporting incidents.

The analysis reveals that health or clinical data is the most common type of personal data compromised, specified in 39 per cent of reports over a three-year period. This is likely to be due to the high percentage of reports originating from the health sector. Other kinds of personal data compromised include financial details (10%), social care data (7%), employment details (5%), criminal records or endorsements (4%) and education records (3%).

Andrew Beckett said:  “Following the introduction of the GDPR, the business case for investing in cyber defence has never been stronger.  Our analysis of incidents reported to the ICO in the UK shows that people are still the critical factor, and investment in training staff, either to follow correct procedures or to spot phishing attacks before they click on the link/email, offers the best return for helping to prevent data losses.  The increased scope for mandatory reporting of breaches under the GDPR may significantly alter these trends and results, and Kroll will continue to monitor and analyse breach data.  What won’t change is the increasing number of breaches/data loss events and the need for companies to have an effective, tested plan for how they deal with these situations, including the need for having specialist partners identified for forensic incident response, specialist legal counsel, crisis communications and breach notification.”

Earlier this year, Kroll launched its Data Protection Officer (“DPO”) Advisory Services in partnership with leading data privacy law firms. The service is an expansion of Kroll’s existing cyber security and incident response offering and supports privacy and security departments in becoming and staying compliant with GDPR requirements, in particular Article 37 of the GDPR, which calls for certain organisations to appoint a DPO.
