Data breach reports drop 20% due to Covid-19, ICO says
Only 21.6% of data breach reports led to further regulatory action
The Information Commissioner’s Office (ICO) has revealed that there was a 20% fall in personal data breach reports during financial year 2020/21.
The figures, which were published in the ICO’s annual report, revealed a drop from 11,854 in FY2019/20 to 9,532 in FY2020/21.
The report attributes the Covid-19 pandemic as the primary reason for this decline, as well as noting the effect of new mandatory breach reporting in sectors that handle large volumes of personal data.
The healthcare industry reported the highest number of data breaches, the report revealed, making up 16.8% of all personal data breaches reported to the ICO in the last financial year. Education and childcare came in second with 1,160 incidents, making up 13.6%.
Behind those, retail and manufacturing were next at 10.9%, Financial insurance and credit made up 10.5%, and ‘local government’ was fifth with 8.8% of reported cases.
According to the ICO, a huge 71.4% of those reported personal data breaches led to no further action, while 21.6% were investigated further. The report also added that 3.9% of personal data breaches led to informal action being taken, while 0.1% actually led to formal action – which included administrative punishment or a lower-tier fine.
Despite the surprising decline in personal data breach incidents, Chris Ross, SVP Sales International for Barracuda Networks, says business owners and workers must not get complacent.
“Despite what the figures suggest, cyber-attacks targeting remote workers and businesses have increased in intensity over the last 18 months,” he commented.
“This is particularly because more employees were working from home for the first time, and thus more sensitive data has been handled across email, cloud storage and personal devices than ever before, presenting a gold mine of opportunity for hackers.”
He added that a general lack of security provisions and training throughout remote working also contributed to a number of bad and dangerous habits across some employees.
“Our recent research even revealed that malicious emails spend, on average, 83 hours in an employee’s inbox before it is detected or resolved, and perhaps most worryingly, nearly 1 in 30 will click on a link in a malicious email, potentially compromising important business data in doing so,” he added.
“Therefore, businesses must ensure that all employees are provided with regular and tailored security training, so that they can appreciate the seriousness of this threat and react accordingly.”
Activation playbook: Deliver data that powers impactful, game-changing campaigns
Bringing together data and technology to drive better business outcomesFree Download
In unpredictable times, a data strategy is key
Data processes are crucial to guide decisions and drive business growthFree Download
Achieving resiliency with Everything-as-a-Service (XAAS)
Transforming the enterprise IT landscapeFree Download
What is contextual analytics?
Creating more customer value in HR software applicationsFree Download