NUMBER OF DATA BREACHES REPORTED TO THE IOC UP BY 88 PER CENT
The number of data breaches reported to the Information Commissioner’s Office (ICO) has nearly doubled in the last year.
Self-reported data protection breaches were up 88 per cent in 2015/16, according to figures obtained by Huntsman Security via a Freedom of Information request.
2,048 incidents were reported to the ICO between April 2015 and March 2016, compared to 1,089 during a similar period the year before, the statistics showed.
In fact, the number of incidents where the ICO took no action in 2015/16 was greater than the total number of incidents reported during the previous year.
“Unfortunately, this is not the full story,” said Huntsman CEO Peter Woollacott.
“The average organisation is subject to multiple breaches, of which only some will be detected, so the figures reported to the ICO are likely to be understated.
“The root of the problem is that organisations are under such an intense barrage of cyber activity that threat alerts – many of which turn out to be benign – are overwhelming cyber security teams. There is simply too much data to analyse and verify manually.
“Genuine threats require immediate attention but frequently the investigation of benign and even false alarms can waste a great deal of valuable time and resources.”
The figures also gave some insight into the worst-affected industries. Health, local government and educational organisations accounted for 64 per cent of all reported breaches.
However, local government showed some signs of improvement compared to other sectors, as the number of breaches increased by only 14 per cent over the year.
The financial sector, although responsible for reporting less than six per cent of incidents, attracted 33 per cent of all financial penalties pursued by the ICO.
Utilities companies, meanwhile, reported only two data breaches to the ICO over the year-long period – a number that Huntsman said required “closer scrutiny”.
“Quite simply, no news is bad news,” Woollacott said. “If breaches aren’t being detected, it most likely just means that security analysts are having difficulty finding the needles in the haystack.
“To help them see through the noise generated by security alerts, organisations must find a way to automate threat verification and eliminate the wasted effort that results from false alarms. By using machine learning to identify otherwise ‘invisible’ threats, security analysts can easily identify those that really matter, and as a result significantly reduce their time at risk from cyber threats.
“This, in conjunction with automation and streamlining the incident management process, means that organisations can put themselves, the ICO and the wider public at greater ease that our data is safe in their hands.”