ICO sees 20% decline in reports of data breaches


The Information Commissioners Office (ICO) saw data breach reports decrease by 20%, with the numbers falling from 11,854 in 2019/20 to 9,532 in the most recent fiscal year (FY).

The numbers were published in the ICO’s annual report last week and have since been analyzed by a think tank on Parliament Street. The ICO paper cites the pandemic as the driving force behind the sharp decline, and also claims that the introduction of mandatory reporting of violations in all sectors that address significant amounts of personal data has contributed to the decline in reports.

Healthcare was the most heavily targeted privacy breach industry in FY 20/21, accounting for 16.8% of reports submitted to the ICO. Education and childcare were the second most frequently addressed sectors at 13.6% (1,160 personal data breach incidents).

Retail and manufacturing came third with 10.9%, followed by finance and credit (10.5%) and “municipalities” in fifth place (8.8%).

While a considerable majority (71.4%) of all personal data breaches reported to the ICO did not result in further action, more than a fifth (21.6%) required further investigation, although the specific results of these cases were not clarified.

However, the report found that 3.9% of personal data breaches resulted in “informal” action and only 0.1% of cases resulted in formal action – including administrative penalties or a lower fine.

“While the ICO reported a surprising drop in personal data breach incidents this year, business owners and workers must not be complacent,” commented Chris Ross of Barracuda Networks. “Despite what the numbers suggest, cyber attacks on remote workers and businesses have increased in intensity over the past 18 months. This is particularly due to the fact that for the first time ever more employees were working from home and thus more sensitive data was handled via email, cloud storage and personal devices than ever before, which is a gold mine for hackers.

“A general lack of security precautions and training while working remotely also contributed to a number of bad and dangerous habits among some employees,” added Ross, noting that recent research by Barracuda Networks showed that malicious email spent an average of 83 hours Spend a year in an employee’s inbox before it’s detected or fixed, while nearly one in 30 clicks a link in malicious email, potentially putting critical business information at risk.

“Therefore,” he said, “companies must ensure that all employees receive regular and tailored security training so that they can assess the seriousness of this threat and respond appropriately.”

In Other News: Loughborough’s New ‘Lovelace’ Computer ‘A Big Step Forward’