Data Security Incidents Spike as Human Error Dominates
The number of data security incidents reported to the UK’s Information Commissioner’s Office (ICO) jumped 17% between the final three months of 2017 and the first quarter of 2018, according to new figures.
In its last update before the EU GDPR takes effect, the privacy watchdog revealed a rise in incident reports from 815 to 957. Although cybersecurity-related incidents increased by 31% from the previous quarter, the first month-on-month increase since Q4 2016-17, human error dominated.
In fact, over the 2017-18 financial year, 3325 reports were filed with the ICO. The number one breach type was “data emailed to incorrect recipient” (13%), followed closely by “data faxed to wrong recipient” (13%). Also high was “loss or theft of paperwork” (13%).
The healthcare sector accounted for by far the largest volume of reports (37%), although this figure is likely to be a result of mandatory reporting rules. After health came “general business” (11%), education (11%) and local government (10%).
Nominet CTO, Simon McCalla, argued that the rise in reported incidents may be the result of companies becoming more cautious ahead of the GDPR.
“Interestingly, there are far more incidents caused by human error than there are external cyber-threats, suggesting that a lot more work needs to be done on training employees,” he added.
“Often, however, cyber-threats can lay unnoticed for months or even years and so this data may well be skewed towards incidents that are immediately identifiable. This information should not, therefore, lure anyone into a false sense of security. We’d encourage all organizations across the UK to up their vigilance against any and all threats, whether that’s external threats lying dormant or unwitting employees making mistakes.”
Egress CEO, Tony Pepper, claimed that the challenges presented by human error can be resolved by better arming staff via training and tools.
“Now the GDPR is upon us, it is more imperative than ever that organizations adopt an approach that’s focused on users, working out what technology and support they can give their employees to help them handle data safely at work,” he added.
Source: Information Security Magazine