Over 40% Of UK Organisations Reported To ICO Since GDPR

Almost half (43%) of UK organisations have had a data breach reported to the British regulator the Information Commissioners Office (ICO) since GDPR came into effect, according to a survey run by Apricorn, a leading manufacturer of software-free, hardware-encrypted USB drives.

One third (33%) notified the ICO themselves, while 10% were reported by somebody else. A further 9% of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO. 

The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57% of respondents. Addressing the variety of threats to data is next on the list (42%). 

The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33%), understanding data obligations (31%), and adequately securing data (25%). 

In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39% of IT leaders admitted they cannot be certain that their data is adequately secured, 18% said they don’t have a good understanding of which data sets need to be encrypted, and 15% have no control over where company data goes and where it is stored. 

Jon Fielding, Managing Director EMEA of Apricorn, says: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”  

Resilience can be enhanced by focusing on four areas: 

  • Employee education:   As detailed in the recent security incident trends report from the Information Commissioner’s Office (ICO), insider risk is the biggest contributing factor in the majority of data breaches. It is critical that employees understand their responsibilities in protecting the information they have access to in line with their corporate security policy. Wherever possible, policy should be automated and enforced through technology such as endpoint control locking USB ports to only accept corporate approved devices. 
  • Encrypting all corporate data as standard:   This is a vital compliance tool: evidence that information was properly secured reduces a company’s obligations under GDPR while ensuring that any breached data can only be accessed by someone with the authority to do so. 
  • Mandate offline back-ups:    Whether done centrally and/or by each employee backing up locally to a corporate-approved encrypted storage device, this ensures data can always be recovered while providing a line of defence against ransomware attacks.  
  • Gain up-to-date visibility of all data:    Companies must be able to map their data’s lifecycle from collection to deletion, including who has access and whether it has been or could be put at risk. This enables a fast and accurate response to incidents – and to regulators’ questions. 

Apricorn’s survey highlights that organisations recognise the importance of company-wide data encryption, with 31% of respondents noting that their company now requires all data to be encrypted as standard, whether it’s at rest or in transit, and a further 24% when it’s being stored on their systems or in the cloud. Three quarters (77%) confirm their organisation has a policy of encrypting all data held on removable media. 

The research was conducted during March 2021. The respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services. 

You Might Also Read:

EU Says That  UK Data Protection Rules Are ‘Adequate’:

 

« British Police Double Down On CyberAlarm
Cyber Security Careers for Women »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Arista Networks

Arista Networks

Arista Networks was founded to deliver software defined cloud networking solutions for large data centre and computing environments.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

e-Governance Academy (eGA)

e-Governance Academy (eGA)

eGA is a think tank and consultancy founded for the transfer of knowledge and best practice in e-governance, e-democracy and national cyber security.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

ESTsecurity

ESTsecurity

ESTsecurity provides intelligent security threat management solutions to make a safer world.

GuardSquare

GuardSquare

GuardSquare is the global reference in mobile application protection. We develop premium software for the protection of mobile applications against reverse engineering and hacking.

Pathway Forensics

Pathway Forensics

Pathway Forensics is a leading provider of computer forensics, e-discovery services and digital investigations.

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic (MyCSC)

MyCyberSecurity Clinic's main goal is toward establishing an international reference centre for excellence in the field of digital forensics and data recovery services.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.