The text and graph below is a synopsis from one element of the ICO’s report into data breaches as reported to him during Jul-Sep 2015; the link to the full report that was only issued on 22 Dec is here: https://ico.org.uk/action-weve-taken/data-security-incident-trends/
From July to September 2015, 559 information security incidents were reported to the authority – a 43% increase on the number of reports received in the previous quarter. What’s astonishing is the mix:
Number of Incidents
- Health (278)
- Local Government (60)
- Education (43)
- Finance, Insurance & Credit (31)
- Justice (24)
- Legal (21)
- Charitable & Voluntary (17)
- General Business (15)
- Land & Property Services (15)
- Other (55)
If you pay attention to each type of incident, you will see that they are almost all connected to staff misconduct or carelessness (and the exceptions – Principle 7 failures – may also include this sort of fault). Despite the largest number of reports being about loss or theft of paperwork (21.46% of the total), digital security incidents are on the rise: there was a 158% increase in emails sent to incorrect recipients compared to the previous quarter. The sectors affected the most by this type of incident were finance, insurance and credit (22.58% of total incidents), education (20.43%), local government (16.60%), and health (11.51%).

Andrew Taylor
CEO of Bronzeye IBRM
BronzeyeIBRM offers an affordable monthly subscription-based information and cyber security service to SMEs and others.