Over 40% Of UK Organisations Reported To ICO Since GDPR

Almost half (43%) of UK organisations have had a data breach reported to the British regulator the Information Commissioners Office (ICO) since GDPR came into effect, according to a survey run by Apricorn, a leading manufacturer of software-free, hardware-encrypted USB drives.

One third (33%) notified the ICO themselves, while 10% were reported by somebody else. A further 9% of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO. 

The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57% of respondents. Addressing the variety of threats to data is next on the list (42%). 

The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33%), understanding data obligations (31%), and adequately securing data (25%). 

In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39% of IT leaders admitted they cannot be certain that their data is adequately secured, 18% said they don’t have a good understanding of which data sets need to be encrypted, and 15% have no control over where company data goes and where it is stored. 

Jon Fielding, Managing Director EMEA of Apricorn, says: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”  

Resilience can be enhanced by focusing on four areas: 

  • Employee education:   As detailed in the recent security incident trends report from the Information Commissioner’s Office (ICO), insider risk is the biggest contributing factor in the majority of data breaches. It is critical that employees understand their responsibilities in protecting the information they have access to in line with their corporate security policy. Wherever possible, policy should be automated and enforced through technology such as endpoint control locking USB ports to only accept corporate approved devices. 
  • Encrypting all corporate data as standard:   This is a vital compliance tool: evidence that information was properly secured reduces a company’s obligations under GDPR while ensuring that any breached data can only be accessed by someone with the authority to do so. 
  • Mandate offline back-ups:    Whether done centrally and/or by each employee backing up locally to a corporate-approved encrypted storage device, this ensures data can always be recovered while providing a line of defence against ransomware attacks.  
  • Gain up-to-date visibility of all data:    Companies must be able to map their data’s lifecycle from collection to deletion, including who has access and whether it has been or could be put at risk. This enables a fast and accurate response to incidents – and to regulators’ questions. 

Apricorn’s survey highlights that organisations recognise the importance of company-wide data encryption, with 31% of respondents noting that their company now requires all data to be encrypted as standard, whether it’s at rest or in transit, and a further 24% when it’s being stored on their systems or in the cloud. Three quarters (77%) confirm their organisation has a policy of encrypting all data held on removable media. 

The research was conducted during March 2021. The respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services. 

You Might Also Read:

EU Says That  UK Data Protection Rules Are ‘Adequate’:

 

« British Police Double Down On CyberAlarm
Cyber Security Careers for Women »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Hex Security

Hex Security

Hex Security Limited is a specialist Information Assurance (IA) consultancy working with associates and partners to deliver security certification and accreditation support.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

The Cyber Security Expert

The Cyber Security Expert

The Cyber Security Expert delivers cyber security consultancy, website and cloud security monitoring services, and specialist training services.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

Secure Blockchain Technologies (SBT)

Secure Blockchain Technologies (SBT)

SBT is a team of Enterprise IT Security Professionals weaving security and Blockchain Technology into our customer’s operational fabric.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.