The UK’s privacy regulator, the Information Commissioner’s Office (ICO) has released figures which show that reported cyber incidents have increased by 36% compared to the same quarter last year. The report, which covers July – October 2020, also revealed a 58% increase in reported data breaches because of unauthorised access, and a 289% surge in ransomware incidents.
What did the report find?
According to the report:
- There were 737 cyber related incidents reported to the ICO between July and October this year.
- Phishing was the number one cause of cyber incidents with 258 reports.
- There were 190 unauthorised access report, up 58% year-on-year.
- Ransomware has seen a huge surge of 289% from 39 to 152 this year.
- The top three sectors for cyber incidents were retail & manufacturing (148), finance, insurance & credit (118) and education & childcare (86).
The report also highlighted the prevalence of non-cyber incidents. For example, where a data breach occurred due to human error rather than a cyberattack. The good news is that non-cyber incidents are down from 2,441 to 1,857 compared to the same quarter last year. The bad news is that non-cyber incidents remain the biggest cause of data breaches across the UK.
The top three sectors for non cyber incidents were health (378), education & childcare (250) and finance, insurance & credit (186).
Is data security being made a priority?
Commenting on the latest figures, Kingsley Hayes, head of data breach, said:
“The overall picture shows that there has been a 15% decrease in the total number of data violations in Q2 compared to the same period last year. However, while that is reassuring, individuals should remain on alert as cyber-related breaches jumped by more than a third.
“As Covid means a greater reliance on online shopping, it is concerning, but not unexpected, to see that the retail and manufacturing sector was the hardest hit by cyber incidents, most of which were due to phishing.
“At the same time, the health sector remains the most affected by breaches due to human error. And as our health and social care system becomes increasingly digital, there are concerns that the robust protections required to prevent this from happening are simply not in place. This is particularly worrying with the pandemic posing incredible challenges. Indeed, in December 2020 almost 300 patients involved in an NHS Highland data breach in a non-cyber related incident, while in March 2020, the Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR), a company which performs early clinical trials of drugs and vaccines.
With the pandemic and Brexit continuing to challenge all sectors as we navigate uncharted waters, the focus, investment, and commitment needed to protect personal information, must be a top priority.”