ICO receives 88% rise in reported security breaches from 2015 to 2016

The number of security breaches reported by organisations to the Information Commissioner's Office (ICO) rose from 1,089 in 2015 to 2,048 this year during a similar period, reflecting an 88 percent increase.

 

According to a Freedom of Information request by Huntsman Security, data disclosed in error and breaches in security were the primary reasons for the reported incidents nearly doubling. There were more incidents where the ICO took “No Action” in 2015-2016 than were reported in all of the previous year.

 

Organisations in the financial sector were responsible for reporting less than six percent of all incidents, but they attracted 33 percent of all financial penalties pursued by the ICO suggesting the severe nature of financial sector data breaches.

 

Nearly two-thirds (64 percent) of incidents reported to the ICO came from the healthcare (941), local government (202) and education (172) sectors, accounting for the highest volume of data breaches.

 

The number of security breaches for local government rose by only 14 percent, showing signs of improvement in comparison to other sectors.

 

UK utilities companies reported just two breaches to the ICO over the past 12 months, but this seems unlikely to provide the full picture given the high risk of these firms as targets.

 

“Quite simply, no news is bad news: if breaches aren't being detected, it most likely just means that security analysts are having difficulty finding the needles in the haystack. To help them see through the noise generated by security alerts, organisations must find a way to automate threat verification and eliminate the wasted effort that result from false alarms. By using machine-learning to identify otherwise ‘invisible' threats, security analysts can easily identify those that really matter, and as a result, significantly reduce their time at risk from cyber-threats. This in conjunction with automation and streamlining the incident management process means that organisations can put themselves, the ICO and the wider public at greater ease that our data is safe in their hands,” said Peter Woollacott, CEO of Huntsman Security.