UK businesses reported 2,629 security incidents to ICO in Q4 2019-20

The Information Commissioner’s Office has reported a 19% dip in the number of reported security incidents during Q4 2019-20 compared to the same period last year.

The EU’s General Data Protection Regulation came into force on May 25, 2018, and since then there has been a consistent reduction in the number of data security incidents reported to the Information Commissioner’s Office.

The total number of reported cyber-related and non-cyber related security incidents in the fourth quarter touched 2,629, compared to 3,263 incidents during the same period in 2019. Of these, cyber security incidents involving brute force attacks, misconfigurations, malware and ransomware attacks, phishing, and unauthorised access to personal data totaled just 653.

“These figures are based on the number of reports of personal data breaches received by the ICO during Q4 2019-20. These figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents,” the Information Commissioner said.

“I don’t see the decline in reported incidents as being odd. At the beginning of GDPR, many regulators faced the issue of companies overreporting incidents,” Brian Honan, President of BH Consulting, told ISMG.

“This overreporting was primarily due to companies not understanding when they actually need to report a breach. Now that those companies are more familiar with the GDPR requirements, and thanks to breach guidance issued by supervisory authorities and ENISA [European Union Agency for Cybersecurity], companies better understand under what circumstances they should report a breach,” he added.

In the latest data security incident trends report, ICO revealed that UK organisations suffered 280 security incidents due to phishing attacks. While 43 such incidents were reported by organisations in education and childcare sectors, 38 were reported by finance, insurance, and credit organisations, 30 were reported by retailers and manufacturers, and 20 were reported by real estate firms.

Businesses across the UK also reported a total of 60 ransomware-related security incidents, of which 21 were reported by firms in the retail and manufacturing sectors. Other sectors reported incidents in the single digits, with education and childcare organisations leading with 9.

The bulk of security incidents involved improper handling of personal data

The bulk of security incidents reported to the ICO were classified as “non-cyber” by the ICO and included alteration of personal data, data emailed to an incorrect recipient, data of wrong data subject shown in the client portal, denial of service, failure to redact, incorrect disposal of hardware, incorrect disposal of paperwork, loss/theft of personal data, and verbal disclosure of personal data.

These incidents occurred mostly due to human error and formed 1,976 out of 2,629 security incidents reported to the ICO between January and March this year.

Grant Geyer, Chief Product Officer of Claroty, told TEISS: “Just as important as the principles the regulation stands for, the European Union’s global enforcement of blatant and willful violations of the rights of European citizens to have their personal data safeguarded has raised its prominence to the gold standard of data protection regulations worldwide.

“In today’s global economy, GDPR has swiftly created a replicable regulatory blueprint that represents a win for citizens to maintain ownership over their personal data. That’s a sacred right in a digital economy where for many years personal data has been abused and monetised without awareness, consent, or recourse,” he added.

Copyright Lyonsdown Limited 2021
