The ICO has published a incident trends analysis based on the reports it has received. The obvious flaw in this is that many incidents go unreported, either because they fall below the reportable criteria set by the
DAP2018 or because companies believe that by keeping quiet is worth the risk.
Some key findings:
DAP2018 or because companies believe that by keeping quiet is worth the risk.
Some key findings:
- 32,541 incidents were reported to the ICO of which 6627 were cyber attack related since 2019. 4209 have been reported this year. (893 cyber)
- “sent to the wrong email recipient” is the number incident reported (some need better advice – only 1% of investigations result from this)
- The health sector makes up most (19%) of all declared incidents
- Nearly half of all incidents involve 10 people or less (some need better advice!)
- Investigations are most likely (16%) when the time to declare is more than a week
- 78% of malware incidents are investigated
The upshot for those reading is that it is essential that if you even suspect a breach you come to Fifth Square as soon as possible. Despite being called into some very challenging breaches we have never had an instance where an investigation has been escalated beyond the initial stage. The other obvious takeaway is to ensure you are taking all the steps you can (proportionate to risk) to prevent breaches.
Some IT companies are now offering enhanced security services (CIS hardening, Threat detection and monitoring services etc) as well as working with me on Cyber Essentials (clue is in the name) and we would strongly recommend you consider these as part of your strategy.
Some IT companies are now offering enhanced security services (CIS hardening, Threat detection and monitoring services etc) as well as working with me on Cyber Essentials (clue is in the name) and we would strongly recommend you consider these as part of your strategy.
