
Human Error, a common theme in the ICO data breach findings #UK #ICO


The ICO recently carried out a study of the security incidents that have been reported or notified to it. It's no shock that data breaches are on the rise, with two-thirds of the sectors studied reporting an increase in the first quarter compared with the same time a year ago, according to new ICO figures.
The data protection watchdog has published findings for the period 1 January – 31 March 2016 and uncovered some worrying statistics. Below are the key data security issues for each sector:

Data security incidents by type:

The main data security issues within the health sector were:
Data being posted or faxed to an incorrect recipient – 22% of incidents.
Loss or theft of paperwork – 20% of incidents.
The main issues for local government were:
Data being posted or faxed to an incorrect recipient – 23% of incidents.
Failure to redact data – 16% of incidents.
Loss or theft of paperwork – 14% of incidents.
The main issues for education were:
Loss or theft of unencrypted devices – 25% of incidents.
Insecure webpages (including hacking incidents) – 19% of incidents.
Data being sent by email to an incorrect recipient – 14% of incidents.
The main issues for general business were:
Insecure webpages (including hacking incidents) – 42% of incidents.
Data being sent by email to an incorrect recipient – 14% of incidents.
Loss or theft of paperwork – 11% of incidents.
The main issues for finance, insurance and credit were:
Data being posted or faxed to an incorrect recipient – 20% of incidents.
Insecure webpages (including hacking incidents) – 16% of incidents.
Data being sent by email to an incorrect recipient – 12% of incidents.
Loss or theft of paperwork – 12% of incidents.
The main issues for the legal sector were:
Loss or theft of paperwork – 28% of incidents.
Data being sent by email to an incorrect recipient – 16% of incidents. 

Full article from ICO Here
What can we draw from this? The key theme here is human error. You can have all the tools in the shop, but if your users aren't continually educated about security issues and the policies and procedures the company has put in place, these incidents will happen.

The figures are particularly concerning for organizations given the coming EU GDPR, which will levy fines of up to 4% of annual global turnover on firms which don't comply with the new regulation, set to land in May 2018.










