Less than 40% of businesses and charities have made improvements to their cybersecurity since GDPR
In April, the government published its annual Cyber Security Breaches Survey, which looks at how UK organisations approach cybersecurity and at the impact of a data protection breach. The report found that security has become a priority issue for organisations. But worryingly, only 30% of businesses and 37% of charities have made improvements to their cybersecurity since GDPR. So, to meet the requirements of the Data Protection Act, more must be done.
Of those who have made improvements to stop cyberattacks and data breaches:
- 60% of businesses and charities have created new policies
- 15% of businesses and 17% of charities have had extra staff training or communications
- 6% of businesses and 10% of charities have improved their contingency plans.
Training is essential to prevent data breaches and cyber attacks
We found the lack of staff training especially worrying, because, according to the Information Commissioner's Office (ICO), accidental disclosure or human error is a leading cause of personal data breaches.
In fact, basic employee training could have a huge impact on an organisation's cyber awareness and overall security. Every day our data breach solicitors work on Data Protection Act cases where human error has allowed cybercrime to happen.
So, if an organisation's security is only as strong as its weakest link, in many cases this Achilles' heel is its own workforce.
What type of data breach training do employees need?
In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training. This should be on things like:
- Why robust processes are needed
- The potential consequences of breaching data protection laws. These consequences can include damage to a business and even criminal charges for employees if they deliberately access data without a legitimate reason.
- Training to ensure that everyone is aware of the online safety rules and expectations
- Awareness programs on how to recognise common threats such as phishing scams, malware etc.
- Staff training on reporting measures, so people know how to respond to any threats.
What are the most common cybersecurity threats?
According to the report, the most common attacks are:
- Phishing emails (reported by 80% of businesses and 81% of charities experiencing breaches or attacks)
- Others impersonating an organisation online (28% and 20%)
- Viruses or other malware, including ransomware (27% and 18%).
Organisations must do more to protect their data or face the consequences
The Data Protection Act (the UK's interpretation of the GDPR) exists to protect the privacy of individuals. However, many organisations have struggled to keep up with changes in the rules, and this could leave everyone vulnerable.
In response, our data protection solicitors help our clients to make compensation claims after their data has been put at risk by the organisations they trusted to look after it.
You have a right to claim compensation if you or a member of your family has suffered damage or distress caused by a breach of the Data Protection Act.