UK data breaches decline despite sharp global rise

Amount of leaked data is down as organisations prepare for GDPR

Approximately 40% fewer data records were stolen or compromised in the UK in 2017 against the previous year, despite more than 2.6 billion records leaked worldwide, new findings show.

Ahead of GDPR legislation coming into force in May, the number of data breaches recorded in the UK declined from 108 in 2016 to 80 last year, according to Gemalto's Data Breach Index 2017, released today.

Advertisement - Article continues below

Approximately 33 million records were compromised in those breaches - a 39% decline on the previous year; the WannaCry attack that hit the NHS and other organisations accounting for 26 million, or 79%, of these records.

The relatively positive outlook for the UK stands in contrast with the US, which accounted for the overwhelming majority of data breaches across the world - 1,453 - followed by the UK in second place.

Joe Pindar, director of product strategy at Gemalto, said that while the outlook for UK businesses isn't wholly negative, they are running out of time to tighten up data protection practices ahead of GDPR implementation.

"On the face of it, UK organisations' security and data protection seem to be improving," he said. "However, with GDPR on the horizon, it's likely that the total amount of lost data will rise nearer in line with the US, who have had to publicly reveal breaches for a number of years."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In its latest Data Breach Index, a global database tracking data breaches and measuring their severity based on multiple dimensions, digital security specialist Gemalto outlined an 88% increase in compromised data records worldwide since 2016, while recording 1,765 reported data breaches - down by 11%. In other words, there were fewer breaches, but more data leaked in those breaches.

Human error was found to be a major risk management and security issue, with accidental loss, improper disposal, misconfigured databases and other security concerns accounting for 1.9 billion exposed records globally - a dramatic 580% increase on the previous year.

While just under half of data incidents in the UK involved a malicious outsider, 39% were attributable to accidental loss. Worldwide, accidental loss accounted for 18% of data breaches and 76% of compromised records.

One significant example of inadvertent data exposure in the UK occurred in 2016 when the personal data of hundreds of University of Greenwich of students, including names, addresses, phone numbers and dates of birth, was exposed when the university accidentally published them online.

Advertisement - Article continues below

Similar instances have also afflicted the NHS in recent years, for instance when the 56 Dean Street clinic in Soho disclosed the names and email addresses of HIV positive patients when it sent out a newsletter that was supposed to be blind carbon copy (BCC), but was instead sent out with details entered in the carbon copy (CC) field.

Pindar added: "Worryingly, for UK organisations, is the number of records being compromised due to accidental loss. Companies are clearly not controlling or even knowing where their sensitive customer data is, so when it comes to complying with key aspects of GDPR like the 'right to be forgotten', what hope is there that hey will be able to remove customer data from all their systems?

"Whilst human error is something that all organisations have to deal with, if it's not correctly encrypted, data can easily be compromised if it got into the wrong hands. With just over a month to go, UK businesses don't have a lot of time to get important points like this."

Advertisement - Article continues below

Globally, the healthcare sector experienced the largest proportion of data breach incidents, 27%, followed by financial services at 12%, and education and government at 11% of incidents each.

Jason Hart, vice president and CTO for data protection at Gemalto, urged companies to adopt a privacy-by-design approach.

He added: "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020