FOI request reveals primary data breach drivers

An FOI request submitted to the Information Commissioner’s Office has revealed that of the 4856 personal data breaches reported in the first half of 2019, 60% were caused by human error. Of those incidents, 43% were the result of incorrect disclosure (with 20% posting or faxing data to the incorrect recipient). Of all data breaches, 18% were reported by companies operating in the healthcare sector.

Tony Pepper, CEO of Egress, which submitted the FOI request said that while organisations are largely fixated on external threats, the “fallibility of people and an inherent inability of employees to send emails to the right person” should be a key focus. “Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat,” he warned.

“The healthcare sector persistently tops the list when analysing the sectors affected by data breaches. This is very concerning, especially given the nature of the data. Why this particular industry continues to suffer from internal breaches is worrying and the sector must quickly take action to identify how it can work towards mitigating the insider threat.”

Personal data breaches: Behind the numbers (Source: Egress)

Analysing the ICO’s personal data breaches for the period by sector reveals the following:

18% were reported within healthcare
16% were reported within central and local government
12% were reported within education
11% were reported within the legal sector
9% were reported within financial services

    Share Story:

Recent Stories

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021