ICO Breach Reports Continue to Rise in Q2
The number of data security incidents reported to the Information Commissioner’s Office (ICO) has jumped 29% from Q1 to Q2, according to the latest figures.
While 3146 incidents were reported to the watchdog between April and June this year, the number rose to 4056 for the succeeding three months, highlighting the continued impact of the GDPR which mandates 72-hour breach notifications.
The overall increase in reported incidents year-on-year is a whopping 490%.
“Similar to what we observed in the ICO’s previous report, this doesn’t necessarily mean that organizations are experiencing more incidents — but it definitely means that more are now being reported,” said Egress Software Technologies CEO, Tony Pepper. “The increased awareness for organisations to tread carefully has been fuelled by GDPR, as well as the significant data breach incidents that recognizable brands have suffered.”
Disclosure of data usually accounted for the majority of incidents reported in each sector, followed by “security”.
The “general business” category accounted for the majority of incidents during the July-September period (847), followed by health (619), legal (311) and local government (300).
However, according to Egress, the biggest rise in reported incidents came from the media sector (633%), albeit from a low figure. General business (87%), legal (63%), transport and leisure (57%) and finance (49%) also saw significant increases.
The two biggest fines issued by the ICO during the period were the maximum £500,000 levied against Equifax for its notorious 2017 breach and £175,000 against private healthcare provider Bupa.
The value of fines increased 24% in the year to September 30 versus the previous year, to reach nearly £5m, but there are potentially much bigger penalties on the way under the new regime, a law firm has warned.
While the GDPR has raised awareness of data breaches and improved reporting, it is also threatening to overwhelm the regulator. The ICO complained in September that it has been receiving 500 calls per week to its helpline since the new law landed in May.
Source: Information Security Magazine