UK data breaches decline despite sharp global rise

Amount of leaked data is down as organisations prepare for GDPR

Approximately 40% fewer data records were stolen or compromised in the UK in 2017 against the previous year, despite more than 2.6 billion records leaked worldwide, new findings show.

Ahead of GDPR legislation coming into force in May, the number of data breaches recorded in the UK declined from 108 in 2016 to 80 last year, according to Gemalto's Data Breach Index 2017, released today.

Approximately 33 million records were compromised in those breaches - a 39% decline on the previous year. The WannaCry attack that hit the NHS and other organisations accounted for 26 million, or 79%, of these records.

The relatively positive outlook for the UK stands in contrast with the US, which accounted for the overwhelming majority of data breaches across the world - 1,453 - followed by the UK in second place.

Joe Pindar, director of product strategy at Gemalto, said that while the outlook for UK businesses isn't wholly negative, they are running out of time to tighten up data protection practices ahead of GDPR implementation.

"On the face of it, UK organisations' security and data protection seem to be improving," he said. "However, with GDPR on the horizon, it's likely that the total amount of lost data will rise nearer in line with the US, who have had to publicly reveal breaches for a number of years."

In its latest Data Breach Index, a global database tracking data breaches and measuring their severity based on multiple dimensions, digital security specialist Gemalto outlined an 88% increase in compromised data records worldwide since 2016, while recording 1,765 reported data breaches - down by 11%. In other words, there were fewer breaches, but more data leaked in those breaches.

Human error was found to be a major risk management and security issue, with accidental loss, improper disposal, misconfigured databases and other security concerns accounting for 1.9 billion exposed records globally - a dramatic 580% increase on the previous year.

While just under half of data incidents in the UK involved a malicious outsider, 39% were attributable to accidental loss. Worldwide, accidental loss accounted for 18% of data breaches and 76% of compromised records.

One significant example of inadvertent data exposure in the UK occurred in 2016 when the personal data of hundreds of University of Greenwich students, including names, addresses, phone numbers and dates of birth, was exposed when the university accidentally published them online.

Similar instances have also afflicted the NHS in recent years, for instance when the 56 Dean Street clinic in Soho disclosed the names and email addresses of HIV positive patients when it sent out a newsletter that was supposed to be blind carbon copy (BCC), but was instead sent out with details entered in the carbon copy (CC) field.

Pindar added: "Worryingly, for UK organisations, is the number of records being compromised due to accidental loss. Companies are clearly not controlling or even knowing where their sensitive customer data is, so when it comes to complying with key aspects of GDPR like the 'right to be forgotten', what hope is there that they will be able to remove customer data from all their systems?

"Whilst human error is something that all organisations have to deal with, if it's not correctly encrypted, data can easily be compromised if it got into the wrong hands. With just over a month to go, UK businesses don't have a lot of time to get important points like this."

Globally, the healthcare sector experienced the largest proportion of data breach incidents, 27%, followed by financial services at 12%, and education and government at 11% of incidents each.

Jason Hart, vice president and CTO for data protection at Gemalto, urged companies to adopt a privacy-by-design approach.

He added: "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."
