Data Security Incident Trends

The text and graph below are a synopsis of one element of the ICO’s report into data breaches reported to it during Jul-Sep 2015. The full report, which was only issued on 22 Dec, is here: https://ico.org.uk/action-weve-taken/data-security-incident-trends/

From July to September 2015, 559 information security incidents were reported to the authority – a 43% increase on the number of reports received in the previous quarter. What’s astonishing is the mix:

Number of Incidents

  • Health (278)
  • Local Government (60)
  • Education (43)
  • Finance, Insurance & Credit (31)
  • Justice (24)
  • Legal (21)
  • Charitable & Voluntary (17)
  • General Business (15)
  • Land & Property Services (15)
  • Other (55)

If you pay attention to each type of incident, you will see that they are almost all connected to staff misconduct or carelessness (and the exceptions – Principle 7 failures – may also include this sort of fault). Despite the largest number of reports being about loss or theft of paperwork (21.46% of the total), digital security incidents are on the rise: there was a 158% increase in emails sent to incorrect recipients compared to the previous quarter. The sectors affected the most by this type of incident were finance, insurance and credit (22.58% of total incidents), education (20.43%), local government (16.60%), and health (11.51%).

Andrew Taylor

CEO of Bronzeye IBRM

Bronzeye IBRM offers an affordable monthly subscription-based information and cyber security service to SMEs and others.