Incidence of data security breaches received by the UK’s Information Commissioner (ICO) has surged 75 per cent over the past two years, according to new analysis by Kroll, the risk mitigation and investigative services company. The overwhelming majority were down to human error, rather than malicious cyber incidents.
Around 2,124 reports could be attributed to human error, compared to just 292 that were deliberate cyber incidents, Kroll said, with the most common types of incidents being confidential data being emailed to the incorrect recipient (447 incidents), loss or theft of paperwork (438) and data left in an insecure location (164).
Most guilty of such breaches was the healthcare sector, which reported 1,214 incidents over the past year, a 41 per cent increase over two years. This is followed by general business (362), education and childcare (354) and local government (328).
Andrew Beckett, managing director and EMEA Leader for Kroll’s Cyber Risk Practice, explained: “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK.”
BA, Marriott Face Massive Fines For Data Loss
If proof was needed that poor data protection is bad for the corporate wallet, two examples have demonstrated that substantial fines face those organisations that have lax data security.read more
Cumbria First Police Force To Utilise NMC Tools
Cumbria Constabulary has become the first police force to use the National Management Centre (NMC) for cybersecurity set up under the National Police Chiefs’ Council (NPCC).read more
Phishing Attacks Bypassing 2-Factor Authentication
Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block, reports CSO Magazine.read more
Third of Breaches Caused By Unpatched Vulnerabilities
IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.read more