Over 40% Of UK Organisations Reported To ICO Since GDPR

Almost half (43%) of UK organisations have had a data breach reported to the British regulator the Information Commissioners Office (ICO) since GDPR came into effect, according to a survey run by Apricorn, a leading manufacturer of software-free, hardware-encrypted USB drives.

One third (33%) notified the ICO themselves, while 10% were reported by somebody else. A further 9% of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO. 

The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57% of respondents. Addressing the variety of threats to data is next on the list (42%). 

The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33%), understanding data obligations (31%), and adequately securing data (25%). 

In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39% of IT leaders admitted they cannot be certain that their data is adequately secured, 18% said they don’t have a good understanding of which data sets need to be encrypted, and 15% have no control over where company data goes and where it is stored. 

Jon Fielding, Managing Director EMEA of Apricorn, says: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”  

Resilience can be enhanced by focusing on four areas: 

  • Employee education:   As detailed in the recent security incident trends report from the Information Commissioner’s Office (ICO), insider risk is the biggest contributing factor in the majority of data breaches. It is critical that employees understand their responsibilities in protecting the information they have access to in line with their corporate security policy. Wherever possible, policy should be automated and enforced through technology such as endpoint control locking USB ports to only accept corporate approved devices. 
  • Encrypting all corporate data as standard:   This is a vital compliance tool: evidence that information was properly secured reduces a company’s obligations under GDPR while ensuring that any breached data can only be accessed by someone with the authority to do so. 
  • Mandate offline back-ups:    Whether done centrally and/or by each employee backing up locally to a corporate-approved encrypted storage device, this ensures data can always be recovered while providing a line of defence against ransomware attacks.  
  • Gain up-to-date visibility of all data:    Companies must be able to map their data’s lifecycle from collection to deletion, including who has access and whether it has been or could be put at risk. This enables a fast and accurate response to incidents – and to regulators’ questions. 

Apricorn’s survey highlights that organisations recognise the importance of company-wide data encryption, with 31% of respondents noting that their company now requires all data to be encrypted as standard, whether it’s at rest or in transit, and a further 24% when it’s being stored on their systems or in the cloud. Three quarters (77%) confirm their organisation has a policy of encrypting all data held on removable media. 

The research was conducted during March 2021. The respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services. 

You Might Also Read:

EU Says That  UK Data Protection Rules Are ‘Adequate’:

 

« British Police Double Down On CyberAlarm
Cyber Security Careers for Women »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

Managed Security Solutions (MSS)

Managed Security Solutions (MSS)

MSS deliver consultancy services and managed security services for IT departments who may lack the time, resources, or expertise themselves.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Sansec

Sansec

Sansec is the global leader in eCommerce malware and vulnerability detection. We help you to stay ahead of hackers!

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.

Maverits

Maverits

At Maverits, we are on a mission to reshape the cybersecurity landscape. We offer a wide range of services, including Threat Intelligence, Incident Response, Consulting & Training.