Personal data breach reports to the UK’s Information Commissioner’s Office (ICO) fell by 20% in financial year 20/21 compared to 19/20. This is according to figures published in the ICO’s recent annual report, which were analyzed by the Parliament Street think tank.
The report revealed there were 9532 personal data breach reports in the most recent financial year (20/21), representing a significant drop from 11,854 reports made in 19/20.
This is despite a huge rise in cyber-attacks during the COVID-19 pandemic and organizations becoming more vulnerable to breaches following the shift to home working in that period. The ICO cited the pandemic and the introduction of mandatory breach reporting from sectors that handle large volumes of personal data as the primary factors in the fall in personal data breach reports.
The sector with the highest proportion (16.8%) of personal data breaches reported to the ICO in FY 20/21 was healthcare. This was followed by education and childcare (13.6%), retail and manufacturing (10.9%), finance insurance and credit (10.5%) and local government (8.8%).
Close to three-quarters (71.4%) of personal data breaches reported to the ICO led to no further action, while 21.6% were investigated further, although no further details on the outcomes of these cases were given.
In addition, 3.9% of breaches led to ‘informal’ action being taken, and just 0.1% led to formal action, which includes administrative punishment or a lower-tier fine.
Commenting on the figures, Chris Ross, SVP sales international for Barracuda Networks, said, “While the ICO has reported a surprising decline in personal data breach incidents this year, business owners and workers must not get complacent. Despite what the figures suggest, cyber-attacks targeting remote workers and businesses have increased in intensity over the last 18 months. This is particularly because more employees were working from home for the first time, and thus more sensitive data has been handled across email, cloud storage and personal devices than ever before, presenting a gold mine of opportunity for hackers.”