Over 40% Of UK Organisations Reported To ICO Since GDPR

Uploaded on 2021-07-14 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Law

Almost half (43%) of UK organisations have had a data breach reported to the British regulator the Information Commissioners Office (ICO) since GDPR came into effect, according to a survey run by Apricorn, a leading manufacturer of software-free, hardware-encrypted USB drives.

One third (33%) notified the ICO themselves, while 10% were reported by somebody else. A further 9% of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO. 

The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57% of respondents. Addressing the variety of threats to data is next on the list (42%). 

The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33%), understanding data obligations (31%), and adequately securing data (25%). 

In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39% of IT leaders admitted they cannot be certain that their data is adequately secured, 18% said they don’t have a good understanding of which data sets need to be encrypted, and 15% have no control over where company data goes and where it is stored. 

Jon Fielding, Managing Director EMEA of Apricorn, says: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”  

Resilience can be enhanced by focusing on four areas: 

  • Employee education:   As detailed in the recent security incident trends report from the Information Commissioner’s Office (ICO), insider risk is the biggest contributing factor in the majority of data breaches. It is critical that employees understand their responsibilities in protecting the information they have access to in line with their corporate security policy. Wherever possible, policy should be automated and enforced through technology such as endpoint control locking USB ports to only accept corporate approved devices. 
  • Encrypting all corporate data as standard:   This is a vital compliance tool: evidence that information was properly secured reduces a company’s obligations under GDPR while ensuring that any breached data can only be accessed by someone with the authority to do so. 
  • Mandate offline back-ups:    Whether done centrally and/or by each employee backing up locally to a corporate-approved encrypted storage device, this ensures data can always be recovered while providing a line of defence against ransomware attacks.  
  • Gain up-to-date visibility of all data:    Companies must be able to map their data’s lifecycle from collection to deletion, including who has access and whether it has been or could be put at risk. This enables a fast and accurate response to incidents – and to regulators’ questions. 

Apricorn’s survey highlights that organisations recognise the importance of company-wide data encryption, with 31% of respondents noting that their company now requires all data to be encrypted as standard, whether it’s at rest or in transit, and a further 24% when it’s being stored on their systems or in the cloud. Three quarters (77%) confirm their organisation has a policy of encrypting all data held on removable media. 

The research was conducted during March 2021. The respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services. 

You Might Also Read:

EU Says That  UK Data Protection Rules Are ‘Adequate’:

 

« British Police Double Down On CyberAlarm
Cyber Security Careers for Women »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.

REAL Security

REAL Security

REAL Security is a market leader across the Adriatic region in value-added distribution in the field of IT Security & virtualisation.