The Information Commissioner’s Office (ICO) has seen a 20% reduction in reports of data breaches, with figures falling from 11,854 in 2019/20 to 9,532 in the most recent financial year (FY).
The figures were published last week in the ICO’s annual report, and have since been analysed by a Parliament Street think tank. The ICO paper names the pandemic as the driving force behind the significant decline, also alleging that the introduction of mandatory breach reporting across sectors that tackle considerable amounts of personal data has contributed to the downturn in reports.
Healthcare stood as the most targeted industry for data breaches in FY 20/21, comprising 16.8% of reports submitted to the ICO. Education and childcare was the second most targeted sector, accounting for 13.6% (1,160 personal data breach incidents) of reports.
The retail and manufacturing industry came third at 10.9%, followed by finance and credit (10.5%), and ‘local government’ in fifth (8.8%).
While a considerable majority (71.4%) of all personal data breaches reported to the ICO led to no further action, more than a fifth (21.6%) required further investigation, though the specific outcomes of these cases weren’t clarified.
However, the report revealed that 3.9% of personal data breaches led to ‘informal’ action being taken, and just 0.1% of cases led to formal action – including administrative punishment or a lower tier fine.
“Whilst the ICO have reported a surprising decline in personal data breach incidents this year, business owners and workers must not get complacent,” commented Chris Ross of Barracuda Networks. “Despite what the figures suggest, cyber-attacks targeting remote workers and businesses have increased in intensity over the last 18 months. This is particularly because more employees were working from home for the first time, and thus more sensitive data has been handled across email, cloud storage and personal devices than ever before, presenting a gold mine of opportunity for hackers.
“A general lack of security provisions and training throughout remote working also contributed to a number of bad and dangerous habits across some employees,” added Ross, noting that recent research by Barracuda Networks revealed that malicious emails spend, on average, 83 hours in an employee’s inbox before being detected or resolved, while almost one in 30 will click a link in a malicious email, potentially compromising critical business data.
“Therefore,” he explained, “businesses must ensure that all employees are provided with regular and tailored security training, so that they can appreciate the seriousness of this threat and react accordingly.”