The UK is getting significantly better at preventing data breaches and mitigating the damage caused by them, a new report has found.
Gemalto’s 2017 Breach Level Index Report observed a 40% decrease in the number of breached records among organisations in the UK compared to 2016. This bucks a global trend, which saw an 88% increase in the number of breached records.
The UK also experienced a 26% decrease in the number of incidents leading to data breaches (from 108 in 2016 to 80). There was also a decline in breach incidents globally, although by only 11%.
Predictably, cyber criminals were the leading source of breaches worldwide, accounting for 72% of incidents. However, these attacks only led to 23% of all compromised data. By contrast, accidental breaches accounted for just 18% of incidents but 76% of breached records.
Accidental breaches include employees misplacing information, disposing of it improperly or misconfiguring databases. Globally, 1.9 billion records were compromised accidentally, which represents an astonishing 580% increase compared to 2016.
This suggests that organisations are doing a much better job of stopping cyber criminals, but are not putting enough emphasis on employees’ data protection responsibilities or implementing measures to prevent costly mistakes.
The same pattern appears with malicious insiders, i.e. employees who deliberately misuse data. Although the number of malicious insider incidents fell slightly (from 179 to 164), the number of records they breached more than doubled (from 14 million to 30 million). Organisations need to do a better job of limiting how much sensitive information any one employee can reach. A common cause is failing to revoke ex-employees’ access: a member of staff who leaves with a grudge, whether sacked or having resigned, may misappropriate information using credentials that still work. It is therefore essential to revoke their login credentials (and any keys or tokens they hold) as soon as they leave, and to check afterwards that the revocation actually happened.
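The check a practitioner would want behind that advice is a leaver reconciliation: compare the HR list of people who have left against the identity directory and the authentication log, and flag any account that is still enabled, or that was used, after the person's last working day. The script below is an added example written for this page; it is not from the Gemalto report or the programme described here. The HR list, directory export and log lines are constructed sample data, and the log format (`<timestamp>Z <EVENT> user=<name> ...`) is a hypothetical one chosen for the illustration.

```python
import re
from datetime import date, datetime, timezone

# Constructed HR leaver list (hypothetical): username -> last working day.
HR_LEAVERS = {
    "jsmith": date(2018, 3, 1),
    "mjones": date(2018, 2, 15),
    "akhan": date(2018, 3, 10),
}

# Constructed identity-directory export (hypothetical): account state at audit time.
DIRECTORY = {
    "jsmith": {"enabled": True},    # should have been disabled on 2018-03-01
    "mjones": {"enabled": False},   # correctly disabled
    "akhan": {"enabled": False},    # disabled now, but see the log below
    "bwong": {"enabled": True},     # current employee, not a leaver
}

# Constructed authentication/audit log lines (hypothetical format).
AUTH_LOG = """\
2018-03-02T08:15:21Z LOGIN_OK user=jsmith src=203.0.113.7
2018-03-02T08:16:02Z FILE_DOWNLOAD user=jsmith bytes=524288000
2018-03-05T17:40:11Z LOGIN_OK user=bwong src=10.0.0.12
2018-03-11T22:03:54Z LOGIN_OK user=akhan src=198.51.100.9
2018-02-10T09:00:00Z LOGIN_OK user=mjones src=10.0.0.31
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\s+(?P<event>\S+)\s+user=(?P<user>\S+)"
)


def parse_auth_line(line):
    """Parse one log line into (utc_timestamp, event, user); None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return ts, m["event"], m["user"]


def audit_leavers(leavers, directory, auth_log):
    """Return {username: [findings]} for leavers whose access outlived their employment.

    Two independent signals are checked, because each alone can miss a case:
    - directory state: the account is still enabled at audit time;
    - log evidence: any event for the user dated after their last working day.
      An account that is disabled *now* may still have been used in the gap
      before someone got round to disabling it.
    """
    findings = {}
    for user, last_day in leavers.items():
        issues = []
        acct = directory.get(user)
        if acct is not None and acct["enabled"]:
            issues.append("account still enabled")
        for line in auth_log.splitlines():
            parsed = parse_auth_line(line)
            if parsed is None:
                continue  # unparseable line: skip, never silently trust it
            ts, event, who = parsed
            if who == user and ts.date() > last_day:
                issues.append(
                    f"{event} at {ts.isoformat()} after leaving date {last_day.isoformat()}"
                )
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_leavers(HR_LEAVERS, DIRECTORY, AUTH_LOG).items():
        print(user)
        for issue in issues:
            print("  -", issue)
```

Run against the sample data this flags `jsmith` (still enabled, plus a login and a large download the day after leaving) and `akhan` (disabled by audit time, but a successful login the day after the leaving date, which is exactly the window an aggrieved leaver exploits). `mjones` is clean. In a real estate the same logic would be fed from the HR system and the directory's own export rather than inline constants.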
More advice on staying secure
Whether your organisation is in need of an attitude change towards cyber security or you just want to take extra steps to prevent data breaches, you might be interested in our Security Awareness Programme.
This programme provides comprehensive help addressing staff awareness. Our experts provide an assessment of your organisation’s learning needs, awareness challenges and knowledge gaps. We then provide a multi-component campaign tailored to your requirements, consisting of, for example:
- E-learning courses;
- Campaign posters;
- Staff newsletters;
- Pocket guides; and
- A simulated phishing attack.
Our Security Awareness Programme is ideal for larger organisations looking to raise awareness of issues such as data privacy, information security and cyber security. It supports the implementation of ISO 27001 and ISO 22301, and compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the EU General Data Protection Regulation (GDPR).