The UK ICO released its detailed report on the 2,425 personal data breaches reported to it in Q1 2021, which shows a startling fact:
Helpfully, the UK ICO releases reports on personal data breaches reported each quarter. The report for Q1 2021 (what the ICO calls Q4 2020-21) has some interesting revelations, particularly when compared to the same report for last year, which we reported on here. Note: the UK ICO figures are the number of reports, not necessarily the number of incidents.
All cyber security incidents (CSIs) together amounted to over a quarter of all breach reports: 27.2%, slightly up from 24.8% last year.
But it still means 72.8% were not CSIs which, as we said about last year’s results, can surprise some, as it can feel at times as if all data is in digital format, so all breaches must be about cyber security.
Sending emails, faxes and mail to the wrong recipient, or making personal data available to the wrong person, led to 28.9% of all breach reports, also up from 26.6% last year, and still more than all CSIs together.
Five sectors each reported 10% or more of the total personal data breaches reported to the UK ICO. Those Top / Worst 5 Sectors are:
… take a guess before you look! …
Some really interesting points here (if you’re a geek or if you’re in one of these sectors):
And it would be even more interesting to dive into the number of breaches normalised for number of businesses, number of employees, or aggregate turnover. For a quick taster, the UK Government figures for March 2020 report:
They’re not the same sector definitions as the UK ICO uses, but it rings true that Finance has far fewer businesses than Retail & Manufacture, which gives an interesting angle on the above stats. One would certainly think that Finance is a more regulated industry in terms of compliance, given the FCA regulations, the need for Compliance Officers, compliance training etc. And we’d wager that your typical Finance house is a more valuable target to hackers than your average retailer (no offence). Lots to dig into here!
Analysis is all well and good, but what are you to take away from all this? The UK ICO gives 3 tips, all around redactions:
Our recommendations have a different emphasis:
Stay safe out there!