Data breaches are on the rise again in the UK, with two-thirds of sectors studied reporting an increase in the first quarter compared with the same time a year ago, according to new ICO figures.
Secure messaging company Egress filed FoI requests to the data protection watchdog for the period 1 January – 31 March 2016 and uncovered some worrying stats.
Healthcare once again topped the list with 184 reported incidents, but it was courts and justice that showed the biggest rise – a whopping 500% from the previous year, albeit from a very low base of just one incident in 2015.
“One of the challenges facing the courts and justice sector is the vast amount of data they handle, including paperwork, and the multiple stakeholders that they need to share it with,” Egress CEO, Tony Pepper, told Infosecurity.
“However, in our experience justice organizations are taking significant steps to overcome this problem and improve their information security – which can only be a positive moving forwards.”
Also showing a big rise in the number of breach incidents were insurance firms (317%), general businesses (157%), solicitors and barristers (127%), and charities (109%).
Human error (62%) accounted for the vast majority of incidents, far more than insecure webpages and hacking (9%).
Within the human error category, the ICO's stats revealed data posted or faxed to the wrong recipient (17%), loss and theft of paperwork (17%) and data emailed to the wrong recipient (9%) were the main causes of data loss.
The figures are particularly concerning for organizations given the coming EU GDPR, which will levy fines of up to 4% of annual global turnover on firms which don’t comply with the new regulation, set to land in May 2018.
Pepper claimed that although the profile of information security has never been higher in boardrooms across the globe, time and financial resources are usually allocated to external threats.
“Despite this, and as today’s announcement confirms, human error is the main cause of data breach incidents,” he added. “To see this number decrease, therefore, I believe organizations need to be taking a much more holistic approach to data protection that balances both internal and external threats.”