The ICO recently carried out a study of the recent security incidents that have been reported or notified to the ICO. It's no shock that data breaches are on the rise with two-thirds of sectors studied reporting an increase in the first quarter compared with the same time a year ago, according to new ICO figures.
The data protection watchdog, ICO have shown findings for the period 1 January – 31 March 2016 and uncovered some worrying statistics. Below are the key data security issues for each sector:
Data security incidents by type:
The main data security issues within the health sector were:
Data being posted or faxed to an incorrect recipient – 22% of incidents.
Loss or theft of paperwork – 20% of incidents.
The main issues for local government were:
Data being posted or faxed to an incorrect recipient – 23% of incidents.
Failure to redact data – 16% of incidents.
Loss of theft of paperwork – 14% of incidents.
The main issues for education were:
Loss or theft of unencrypted devices - 25% of incidents.
Insecure webpages (including hacking incidents) – 19% of incidents.
Data being sent by email to an incorrect recipient – 14% of incidents.
The main issues for general business were:
Insecure webpages (including hacking incidents) – 42% of incidents.
Data being sent by email to an incorrect recipient – 14% of incidents.
Loss or theft of paperwork – 11% of incidents.
The main issues for finance, insurance and credit were:
Data being posted or faxed to an incorrect recipient – 20% of incidents.
Insecure webpages (including hacking incidents) – 16% of incidents.
Data being sent by email to an incorrect recipient – 12% of incidents.
Loss of theft of paperwork – 12% of incidents.
The main issues for the legal sector were:
Loss or theft of paperwork – 28% of incidents.
What can we draw from this? The key theme here is; Human error. You can have all the tools in the shop but if your users aren't continually educated about Security issues, the policies and procedures the company put in place then these incidents will happen.
The figures are particularly concerning for organizations given the coming EU GDPR, which will levy fines of up to 4% annual global turnover on firms which don’t comply with the new regulation, set to land in May 2018.
Read our Blog on the Top 10 Considerations for Truly effective Security Awareness Training
No comments:
Post a Comment