FOI request reveals primary data breach drivers

An FOI request submitted to the Information Commissioner’s Office has revealed that of the 4856 personal data breaches reported in the first half of 2019, 60% were caused by human error. Of those incidents, 43% were the result of incorrect disclosure (with 20% posting or faxing data to the incorrect recipient). Of all data breaches, 18% were reported by companies operating in the healthcare sector.

Tony Pepper, CEO of Egress, which submitted the FOI request, said that while organisations are largely fixated on external threats, the “fallibility of people and an inherent inability of employees to send emails to the right person” should be a key focus. “Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat,” he warned.

“The healthcare sector persistently tops the list when analysing the sectors affected by data breaches. This is very concerning, especially given the nature of the data. Why this particular industry continues to suffer from internal breaches is worrying and the sector must quickly take action to identify how it can work towards mitigating the insider threat.”


Personal data breaches: Behind the numbers (Source: Egress)

Analysing the ICO’s personal data breaches for the period by sector reveals the following:

18% were reported within healthcare
16% were reported within central and local government
12% were reported within education
11% were reported within the legal sector
9% were reported within financial services
