Story image

ICO report reaction: UK data security incidents rocket 224%

20 Oct 18

Following the recent release of the Informaition Commissioner's Office' data security incident trends report, Egress Software CEO Tony Pepper has some thoughts on the topic and what the startling numbers actually mean for the industry as a whole.

"After reviewing the short report, it comes as no real surprise that we have seen a pronounced uptick in the overall number of incident reports filed by organisations to the ICO," says Pepper.

"This increase is likely due to the new data breach notification requirements under GDPR, which require organisations to report incidents within 72 hours of becoming aware of them," Pepper says.

However, Pepper says while the numbers are certainly bad, they may not be as bad as at first glance.

"What must be taken into consideration is that whilst we have seen a 228% increase in reported data security incidents (from 957 in January to March 2018 to 3146 in April to June 2018), this does not necessarily mean that organisations are experiencing more breaches than before; it simply means that more are now being reported and forced into the light," Pepper says.

"Drilling further into the statistics, it is interesting to see that most data breach incidents are again down to people, processes and inadequate policies. The data reveals 3146 ‘security incidents’, which frequently involve internal actors making mistakes (including incorrect disclosure of data, which counted for 65%), as opposed to the 414 that are ‘cyber threats’ caused by malware, ransomware, brute force attacks and phishing. In terms of industry sectors, Healthcare, General Business and Education were the most affected. Where cyber threats were concerned, nearly 40% of these are attributed to phishing."

Other stats show the ICO to be nailing down hard on penalties - and there could be more to come.

"In terms of the monetary penalties we can see that the fines have doubled, rising to £1,030,000 in April to June of this year compared to £653,000 in the same period last year, and since 25th May to beginning of October this has gone up again to £1,425,000.  Interestingly, all these fines are still under the Data Protection Act, as to date no company has actually been fined under GDPR," says Pepper.

"At Egress, we believe that organisations should take a user-centric approach to data security, ensuring that every employee is as security savvy as they need to be. In the run up to GDPR, a survey we conducted sought to find out whether the data compliance mantra that has been drilled into the tech team had trickled down to the average worker. It revealed that 20% of employees were still using insecure channels to share company documents, including personal email, social media, cloud sharing and messaging apps. Moreover, 39% did not know if their company was doing enough to protect customer data in the light of recent data breaches and 1 in 5 did not know what kinds of personal information should be protected when sharing data via email."

Pepper says businesses need to clamp down on users, as that is where the sheer majority of breaches come from.

"Today, the user is the only constant within organisations and by taking a user-centric approach and equipping staff to handle personal data –through technology that supports and secures the work they do, as well as more training and awareness – companies will be better placed to close the gap in their compliance programme," Pepper says.

"It will be interesting to see how these statistics breakdown further when the full report becomes available."

AWS tops all four global markets, APAC a unique case
The order of proceedings remains relatively the same in three of the four major regions for public cloud services providers, but the APAC market is bolstered by the prominence of China.
What Brexit? Equinix invests £90m in new London data centre
The company is confident Brexit will have no impact on the data centre market in London, with its total investment in the London metro area exceeding £930m.
Datacentres Ireland gets the ball rolling in Dublin
Ireland’s largest dedicated gathering of suppliers for data centres today opened in Dublin and is set to span two days.
Huawei obtains world’s first PUE test certificate for modular data center product
Huawei is supposedly committed to providing users with green, efficient and reliable data center energy solutions.
Five secrets – Workday’s 2019 winning formulas
We thoroughly investigate why business software vendor Workday believes 2019 will be their best year yet.
Exclusive: Strengths and limitations of the AWS/Cisco partnership
Iguazio CEO Yaron Haviv discusses whether the partnership really is a 'match made in heaven' and what it means for the industry.
Google Cloud CEO stepping down to welcome ex-Oracle exec
Google Cloud has grown significantly under Greene's tenure, but has involved tens of billions of dollars and little gains on AWS and Azure.
Mobile Infrastructure market sees fastest growth since 2014
The report from Dell’Oro shows that while the vendor rankings for the top three vendors remained unchanged with Huawei, Ericsson, and Nokia leading.