Which sectors suffer the most data breaches?
Individual data breaches are causing misery and upset to people across the UK. At Hayes Connor, we deal with many cases on behalf of clients who have had their data mishandled by organisations. And, we've seen first-hand just how devastating the experience can be.
The UK's data protection regulator - the Information Commissioner's Office - regularly publishes information about data security incidents. And, one of the things it sheds a light on, is the sectors that are reporting the most data breaches. The ICO publishes this info to help organisations understand the current threats, and to help them to take appropriate action.
So, what does the latest ICO report say?
The health sector reports the most data breaches
In Q4 2019-20, the UK's health sector reported 419 data breach incidents. That is a drop of 22% since the last report. Of these incidents, the overwhelming majority of breaches were down to "non-cyber incidents". This means that the privacy violations were likely to be caused by human error and/or poor processes rather than cybercriminals.
Retail and manufacture reported the most cyber incidents
In the same period, the retail and manufacture sector reported 103 cyber incidents. Of these:
- 4% were brute force attacks
- 6% happened because of hardware/software misconfiguration
- 5% were down to malware
- 29% occurred due to phishing
- 12% were ransomware attacks
- 17% happened following unauthorised access.
Overall there has been a drop in data breach reporting
Which, on the face of it seems like good news. But this doesn't necessarily mean that data privacy has improved. Because, according to the ICO, "these figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents." And, what is becoming more and more apparent is that many organisations do not know that a data breach has occurred until much, much later.
Non-cyber security incidents remain the biggest cause of data breaches
Despite fears about cybercrime, it is human error that is still the leading cause of data breaches. This includes:
- Data being sent to the wrong recipient (13% of all data breaches)
- Data posted/faxed to the wrong recipient (10% of all data breaches)
- Failure to redact data (4 % of all data breaches)
- Failure to use bcc when sending an email (4 % of all data breaches)
- Loss/theft of device containing personal data (4 % of all data breaches)
- Loss/theft of paperwork or data left in insecure location (8% of all data breaches)
- Other non-cyber incident (27% of all data breaches)
Phishing is by far the biggest cause of cybersecurity incidents
Phishing accounted for 10% of all data breaches reported in Q4 2019-20. That makes it the biggest cause of cybersecurity incidents. The second was unauthorised access (7%).
Public trust is being abused
Today, organisations handle some of our most sensitive and personal data. And we have the right to expect this will be looked after. Adequate and robust protections are especially important as the world becomes increasingly digital. Furthermore, with human error the leading cause of data breaches, staff must have the training, knowledge and ability to handle our data securely. But all too often this isn't happening.
An established and trusted firm, at Hayes Connor Solicitors we have been helping people to claim compensation for over 50 years.
Helping you to claim compensation and steering you through the aftermath of a data breach, we minimise the impact on you as much as possible. And, because we are passionate about securing justice for our clients, we offer no-win, no-fee funding arrangements to reduce the pressure at an already difficult time.
To speak to our data protection experts about starting a claim, please contact us for a free initial assessment of your case.