Data breach reports drop 20% due to Covid-19, ICO says


The Information Commissioner’s Office (ICO) announced that reports of personal data breaches decreased by 20% in fiscal year 2020/21.

The numbers published in the ICO's annual report showed a decrease from 11,854 in FY2019/20 to 9,532 in FY2020/21.

The report cites the Covid-19 pandemic as the main reason for this decline and highlights the impact of the new mandatory reporting of violations in sectors that handle large amounts of personal data.

The healthcare industry reported the highest number of data breaches, the report said, accounting for 16.8% of all data breaches reported to the ICO in the past fiscal year. Education and childcare ranked second with 1,160 incidents, representing 13.6%.

These are followed by retail and manufacturing with 10.9%, financial insurance and credit with 10.5% and, in fifth place, “Local Authorities” with 8.8% of the reported cases.

According to the ICO, a huge 71.4% of reported personal data breaches resulted in no further action, while 21.6% were further investigated. The report also added that 3.9% of personal data breaches resulted in informal actions, while 0.1% actually resulted in formal actions – which included administrative penalties or a lower fine.

Despite the surprising decline in personal data breach incidents, Chris Ross, SVP Sales International for Barracuda Networks, says business owners and employees must not be complacent.

“Despite the numbers, cyberattacks targeting remote workers and businesses have increased in intensity over the past 18 months,” he commented.

“This is mainly due to the fact that for the first time more employees were working from home and thus more sensitive data was processed via email, cloud storage and personal devices than ever before, which is a gold mine of opportunities for hackers.”

He added that a general lack of safety precautions and training while working remotely has also contributed to a number of bad and dangerous habits among some employees.

“In fact, our recent research found that malicious email spent an average of 83 hours in an employee’s inbox before being detected or remedied in the process,” he added.

“Companies must therefore ensure that all employees receive regular and individual training on their safety so that they can assess the seriousness of this threat and react accordingly.”