UK data breaches decline despite sharp global rise

Amount of leaked data is down as organisations prepare for GDPR

Approximately 40% fewer data records were stolen or compromised in the UK in 2017 against the previous year, despite more than 2.6 billion records leaked worldwide, new findings show.

Ahead of GDPR legislation coming into force in May, the number of data breaches recorded in the UK declined from 108 in 2016 to 80 last year, according to Gemalto's Data Breach Index 2017, released today.

Approximately 33 million records were compromised in those breaches - a 39% decline on the previous year - with the WannaCry attack that hit the NHS and other organisations accounting for 26 million, or 79%, of these records.

The relatively positive outlook for the UK stands in contrast with the US, which accounted for the overwhelming majority of data breaches across the world - 1,453 - followed by the UK in second place.

Joe Pindar, director of product strategy at Gemalto, said that while the outlook for UK businesses isn't wholly negative, they are running out of time to tighten up data protection practices ahead of GDPR implementation.

"On the face of it, UK organisations' security and data protection seem to be improving," he said. "However, with GDPR on the horizon, it's likely that the total amount of lost data will rise nearer in line with the US, who have had to publicly reveal breaches for a number of years."

In its latest Data Breach Index, a global database tracking data breaches and measuring their severity based on multiple dimensions, digital security specialist Gemalto outlined an 88% increase in compromised data records worldwide since 2016, while recording 1,765 reported data breaches - down by 11%. In other words, there were fewer breaches, but more data leaked in those breaches.

Human error was found to be a major risk management and security issue, with accidental loss, improper disposal, misconfigured databases and other security concerns accounting for 1.9 billion exposed records globally - a dramatic 580% increase on the previous year.

While just under half of data incidents in the UK involved a malicious outsider, 39% were attributable to accidental loss. Worldwide, accidental loss accounted for 18% of data breaches and 76% of compromised records.

One significant example of inadvertent data exposure in the UK occurred in 2016, when the personal data of hundreds of University of Greenwich students, including names, addresses, phone numbers and dates of birth, was exposed after the university accidentally published it online.

Similar incidents have also afflicted the NHS in recent years, for instance when the 56 Dean Street clinic in Soho disclosed the names and email addresses of HIV positive patients by sending out a newsletter with recipients' details entered in the carbon copy (CC) field instead of the blind carbon copy (BCC) field.

Pindar added: "Worryingly, for UK organisations, is the number of records being compromised due to accidental loss. Companies are clearly not controlling or even knowing where their sensitive customer data is, so when it comes to complying with key aspects of GDPR like the 'right to be forgotten', what hope is there that they will be able to remove customer data from all their systems?

"Whilst human error is something that all organisations have to deal with, if it's not correctly encrypted, data can easily be compromised if it got into the wrong hands. With just over a month to go, UK businesses don't have a lot of time to get important points like this."

Globally, the healthcare sector experienced the largest proportion of data breach incidents, 27%, followed by financial services at 12%, and education and government at 11% of incidents each.

Jason Hart, vice president and CTO for data protection at Gemalto, urged companies to adopt a privacy-by-design approach.

He added: "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."
