The UK’s privacy watchdog has issued a stern warning to the nation’s organizations to improve their data protection posture, after revealing that over half of adults have had their personal information lost or stolen.
Information commissioner, John Edwards, revealed the figures in a blog post on Monday, arguing that companies often forget the toll that data compromise can take on victims.
“Data protection has never been about computers or robots – it’s about people. The information we are trusted with is not just a set of numbers or details – it reflects individual lives,” he said.
“Yet in figures revealed by the ICO today, we see that 55% of adults have had their data lost or stolen. That is nearly 30 million people. The personal and emotional toll of this is too often overlooked.”
Read more on data breaches: ICO Fines Health Clinic for Revealing HIV Patient Names, Addresses
Nearly a third (30%) of victims report emotional distress, while a quarter (25%) receive no support from the breached organization, Edwards continued. A third (32%) find out through the media rather than the organizations themselves, which deepens a feeling of “betrayal,” he said.
Edwards alluded to several high-profile breaches which show the extreme impact some incidents can have. In March, NHS Highland emailed 37 people likely to be accessing HIV services – sharing their details with each other by using the CC rather than the BCC function.
In September 2023, the ICO was forced to warn organizations handling the personally identifiable information (PII) of domestic abuse victims that data breaches could put lives at risk.
“When a data breach occurs, it’s not just an admin error – it is a failure to protect someone. In many cases if that someone is in a vulnerable situation, they are already facing innumerable personal challenges, or they may be at risk of harm,” Edwards argued.
“Today, I want to issue a stark warning to organizations across the country: you must do better.”
SMEs Have an Advantage
Oz Alashe, CEO and founder of CybSafe, said that cybersecurity must be at the forefront of every startup owner’s mind.
“The statistics are clear. SMEs are highly vulnerable to cyber-attacks and are likely to fold if they become victims,” he added. “Instead of viewing limited resources as a disadvantage, startups should see their size as an asset compared to larger, often slower moving competitors.”
Alashe claimed that SMEs can use their agility to build corporate security into their DNA, “supported by a team that genuinely values a security-conscious culture.”