ICO reveals 400% increase in reports of cyber-security incidents
.jpg)
There was a massive jump of over 400 percent in the number of data breaches reported to the ICO which were classified as 'cyber incidents' following GDPR coming into force.
In the period from April to June 2018 (Q1 of the current government financial year), there were 414 reports of "cyber-incidents" made to the ICO from various industries. This compares to 97 in the previous quarter and is also a significant jump over the previous two years’ reports.
Meanwhile, in the broader category of data security, the ICO said that in Q1 there were 3,146 incidents, a rise of 228 percent compared to 957 in the preceding quarter. This increase coincides with the General Data Protection Regulation (GDPR) coming into force which mandates that all incidents be reported to the ICO within 72 hours.
In August, it was revealed that the ICO had received 6,281 complaints between 25 May (the day the GDPR came into force) and 3 July, a 160 percent increase on the same period the year before, reinforcing concerns that GDPR would lead to overreporting.
Tony Pepper, CEO at Egress Software Technologies, noted that most of the data breach incidents can be traced to failure of people, processes and policy. Some 65 percent of the data incidents, or just over 2,000, were the result of ‘incorrect disclosure of data’ compared to the 414 that were due to cyber-security incidents.
The top three sectors for data breaches in general were health (677 incidents), general business (453) and education (415). However, it’s notable that when looking at cyber-security incidents, the health sector reported a scant 12 incidents compared to general business (129 cyber incidents), finance/insurance (58) and education (56).
Analysing the data by type of attack, it’s clear that phishing (165 incidents) dominates the attack vectors, followed by the rather unspecific category of "unauthorised access" (104) and malware (58). It’s not clear from the statistics to what degree these incident types are linked as they often go together.
Fines in the current quarter for cyber-security incidents included:
-
£325,000 against the Crown Prosecution Service (CPS) for the loss of unencrypted DVDs containing police interviews
-
£250,000 against Yahoo! UK following a cyber-attack in November 2014
-
£120,000 against the University of Greenwich following a security breach which affected the personal data of 20,000 people
-
£80,000 against Gloucestershire Police for revealing the identities of abuse victims in a bulk email
-
£100,000 against the British and Foreign Bible Society following a cyber-attack in 2016.
All of these fines were levied under the Data Protection Act 1998 and not the GDPR and Data Protection Act 2018.
"Organisations should take a user-centric approach to data security, ensuring that every employee is as security savvy as they need to be," Pepper said.
A survey conducted by Egress found that 20 percent of employees were still using insecure channels to share data and a similar number did not know what kinds of personal information should be protected when sharing data via email.
"Today, the user is the only constant within organisations and by taking a user-centric approach and equipping staff to handle personal data – through technology that supports and secures the work they do, as well as more training and awareness – companies will be better placed to close the gap in their compliance programme," Pepper said.
Source scmagazineuk
Industry: Cyber Security News

Latest Jobs
-
- Senior Presales Consultant | Managed Security Services | London
- London
- N/A
-
Senior Presales Consultant – Managed Security Services Location: London-commutable (Hybrid) A well-established cyber consultancy is seeking a Senior Presales Consultant to drive growth across its managed security services / advisory portfolio. This hybrid role bridges commercial and technical expertise supporting solution design, shaping customer proposals, and guiding conversations from scoping through to delivery. Key experience: Background in managed security services, including SOC operations and threat detection Strong knowledge of cloud and on-prem security tooling (SIEM, EDR, IAM) Penetration testing Proven ability to translate technical concepts into clear business value Confident in customer-facing engagements and pre-sales delivery Experience contributing to bids, proposals, and RFI/RFP responses To find out more contact me on 07884666351 Visa sponsorship is unfortunately not available for this role.
-
- Senior SOC Engineer - Microsoft | Splunk. Permanent. London
- London
- N/A
-
Senior SOC Engineer – Hybrid London Type: Full-Time A well-established cyber security provider is seeking a Senior SOC Engineer to strengthen its managed services function. This role is ideal for someone with a strong operational background in SIEM and EDR tools who can confidently lead customer onboarding, fine-tune detection strategies, and act as a senior point of contact for technical escalations. You will need to be SC clearable. Bonus points if you have SC clearance currently. You will be responsible for ensuring smooth integration of new clients into the service, optimising alerting capabilities and delivering meaningful outcomes during investigations. This is a hands-on position, working closely with internal teams and external stakeholders to maintain robust security operations across multiple environments. Prior experience in a cyber-focused MSP or MSSP Strong hands-on capability with platforms such as Microsoft Sentinel, Defender for Endpoint, or similar Proficiency in scripting and query languages such as KQL or PowerShell Knowledge of detection logic, investigation workflows, and cloud-based infrastructure Confident communicator with strong documentation and reporting skills Apply today for more information.