UK data breaches decline despite sharp global rise

Amount of leaked data is down as organisations prepare for GDPR

Approximately 40% fewer data records were stolen or compromised in the UK in 2017 against the previous year, despite more than 2.6 billion records leaked worldwide, new findings show.

Ahead of GDPR legislation coming into force in May, the number of data breaches recorded in the UK declined from 108 in 2016 to 80 last year, according to Gemalto's Data Breach Index 2017, released today.

Approximately 33 million records were compromised in those breaches - a 39% decline on the previous year - with the WannaCry attack that hit the NHS and other organisations accounting for 26 million, or 79%, of these records.

The relatively positive outlook for the UK stands in contrast with the US, which accounted for the overwhelming majority of data breaches across the world - 1,453 - followed by the UK in second place.

Joe Pindar, director of product strategy at Gemalto, said that while the outlook for UK businesses isn't wholly negative, they are running out of time to tighten up data protection practices ahead of GDPR implementation.

"On the face of it, UK organisations' security and data protection seem to be improving," he said. "However, with GDPR on the horizon, it's likely that the total amount of lost data will rise nearer in line with the US, who have had to publicly reveal breaches for a number of years."

In its latest Data Breach Index, a global database tracking data breaches and measuring their severity based on multiple dimensions, digital security specialist Gemalto outlined an 88% increase in compromised data records worldwide since 2016, while recording 1,765 reported data breaches - down by 11%. In other words, there were fewer breaches, but more data leaked in those breaches.

Human error was found to be a major risk management and security issue, with accidental loss, improper disposal, misconfigured databases and other security concerns accounting for 1.9 billion exposed records globally - a dramatic 580% increase on the previous year.

While just under half of data incidents in the UK involved a malicious outsider, 39% were attributable to accidental loss. Worldwide, accidental loss accounted for 18% of data breaches and 76% of compromised records.

One significant example of inadvertent data exposure in the UK occurred in 2016, when the personal data of hundreds of University of Greenwich students, including names, addresses, phone numbers and dates of birth, was exposed after the university accidentally published it online.

Similar incidents have also afflicted the NHS in recent years, such as when the 56 Dean Street clinic in Soho disclosed the names and email addresses of HIV-positive patients by sending out a newsletter with recipients entered in the carbon copy (CC) field rather than the blind carbon copy (BCC) field.

Pindar added: "Worryingly, for UK organisations, is the number of records being compromised due to accidental loss. Companies are clearly not controlling or even knowing where their sensitive customer data is, so when it comes to complying with key aspects of GDPR like the 'right to be forgotten', what hope is there that they will be able to remove customer data from all their systems?

"Whilst human error is something that all organisations have to deal with, if it's not correctly encrypted, data can easily be compromised if it got into the wrong hands. With just over a month to go, UK businesses don't have a lot of time to get important points like this."

Globally, the healthcare sector experienced the largest proportion of data breach incidents, 27%, followed by financial services at 12%, and education and government at 11% of incidents each.

Jason Hart, vice president and CTO for data protection at Gemalto, urged companies to adopt a privacy-by-design approach.

He added: "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."
