Actu
Number of organisations reporting data breaches or being reported to ICO reaches three-year high, Apricorn survey reveals
August 2022 by Apricorn
More than 40 per cent of UK IT decision makers have revealed that their organisation has notified the ICO of a data breach/potential breach since GDPR came into effect, or are aware that they have been reported by someone else. This is according to an annual survey conducted by Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives.
The number of organisations reporting breaches to the ICO has steadily increased from 25 per cent in 2020 to 37 per cent in 2022. This could be a sign of both the increase in breaches in general, and the ongoing drive to meet GDPR compliance, along with its requirement to report a breach, now the regulations have been in effect for four years.
Worryingly, over 60 per cent of surveyed IT decision makers still expect that their mobile/remote workers will expose them to the risk of a data breach, and almost 30 per cent confirmed that over the last year, their organisation’s mobile/remote workers have knowingly put corporate data at risk of a breach.
What’s more, when questioned on the main causes of data breaches within their organisation, phishing emails maintained their place at number one, with 40 per cent citing it as the main cause of a breach. This has increased from 35 per cent in 2021 and is more than double the 19 per cent in 2020.
This demonstrates the continued need for education around cybersecurity best practice, particularly given that the other main causes taking the top spots were also a result of user error. Thirty-seven per cent blamed employees unintentionally putting data at risk, while 21 per cent say breaches were mainly down to remote/mobile workers. Another 21 per cent cited lost/misplaced devices containing sensitive corporate information, making this the joint third biggest cause of a breach.
“Breaches will happen – and unfortunately, whether intentional or not, employees’ actions or user error are frequently to blame. Education has a critical part to play in helping to engage employees in strengthening the company’s security posture. They need to fully understand the context around what they’re being asked to do: the specific threats the business faces, the risks associated with mishandling information, and the potential consequences to the organisation of a breach,” said Jon Fielding, Managing Director EMEA of Apricorn.
It seems that implementing a cybersecurity plan particularly for remote/mobile working also comes with many problems:
• 38 per cent of respondents noted that employees lack awareness of the risks to data when mobile/remote working and will unintentionally expose them to the risk of a data breach
• 31 per cent said those employees who are aware of the risks of a data breach will lose data and expose them to the risk of a breach, and
• 42 per cent said managing all of the technology that employees need and use for mobile/remote working is too complex when implementing a cybersecurity plan.
“The risks posed to data within organisations today continue to be concerning, particularly given that our survey also found that almost a quarter of respondents who have had to recover from a backup have only been able to recover some of their data or documents. Having data backups in place, in addition to a policy of encryption, increases resilience – allowing mission-critical applications to remain functional in the case of a data breach or loss and ensuring information can be recovered and restored quickly,” added Fielding.
