This website uses cookies. View our cookie policy
Close
United Kingdom
Select regional store:

Data breaches

43% of businesses have experienced a cyber security breach or attack in the past 12 months.1  It’s time to get serious about defending your data.


Data breaches at a glance

98%

of businesses rely on some form of digital communication or service

43%

of businesses identified cyber security breaches or attacks in the last year

£16.1k

the average cost of a data breach for a medium-sized business


What is a data breach?

A data breach is a compromise of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to protected data – essentially anything that affects its confidentiality, integrity or availability.

Since the GDPR (General Data Protection Regulation) came into force in May 2018, all organisations are legally required to report certain types of personal data breach to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware of the breach.


What are the biggest data breaches?

Organisation

Number of compromised records

Date

Yahoo 3 billion December 2014
Equifax 145.5 million July 2017
Facebook 50 million September 2018
Dixons Carphone 10.2 million July 2017
Wonga 270,000 June 2018
Ticketmaster 40,000 April 2017

Why do data breaches happen?

Data breaches aren’t just the result of cyber attacks. There can be many other causes:

  • Weak and stolen credentials:

    Many websites use off-the-shelf software, applications and plugins, which often contain vulnerabilities that can be exploited by criminal hackers.
  • Application vulnerabilities:

    Common website and web application security issues include potential for injection, privilege escalation and cross-site scripting. 
  • Malware:

    Designed to disrupt and gain unauthorised access to a computer system, malware encompasses Trojans, social engineering, worms, viruses and spyware.
  • Employee negligence:

    Human error accounted for 88% of incidents reported to the ICO in 2017/18.

How can data breaches be prevented?

Data breach prevention isn’t as simple as just installing antivirus software. Your ability to avoid a breach relies on three pillars: people, processes and technology.

  • Start with your staff:

    Improving security training for employees is the best defence against cyber attacks. Find you how you can familiarise your staff with the basics of information security.
  • Implement basic cyber security measures:

    Cyber Essentials is a framework that is suitable for small organisations and can help prevent up to 80 % of cyber attacks through the implementation of five basic controls.  
  • Follow a proven information security framework:

    Implementing an ISMS (information security management system) provides a systematic approach to protecting and managing your organisation’s information through effective risk management and is a more comprehensive approach to information security than Cyber Essentials.
  • Tighten up your technology:

    All organisations should have the following technologies in place:
    • Firewalls
    • Intrusion prevention
    • Switched networks
    • Malware/ virus protection
    • Log file consolidation
    • System monitoring
    • Single sign-on
    • Data leakage prevention
    • Spam filtering

Assess your risks. Understand your weaknesses. Prepare your business.

Use our breach readiness checklist to find out whether you’re prepared for a data breach. You’ll receive a free personalised report on how #BreachReady you are, giving you a detailed summary of your answers and information and advice on the next steps to take.

Get #BreachReady

Find out how we can help you prepare for and respond to a data breach

GDPR notification requirements are complicated, but complying with them needn’t be. Our GDPR Data Breach Support Service will help you respond quickly and effectively to a data breach to meet the Regulation’s 72-hour notification requirement.

Find out more

What makes us different

  • We have an in-depth understanding of the GDPR’s requirements and how they can be met.
  • We provide a complete compliance support service to help your organisation achieve GDPR compliance. 
  • Our specialist team has extensive data protection and information security management project expertise, both in the UK and internationally.
  • We provide a total cyber resilience solution, comprising books, toolkits, software, consultancy, penetration testing, training and audits.
  • We are the pioneer of ISO 27001, having led the world’s first successful implementation project.
  • Our vast technical expertise, combined with extensive experience implementing frameworks and standards across a broad range of industries and countries, means we are unrivalled in our depth and breadth of services.
  • We work with your organisation to tailor services that meet your budget and business objectives.

Speak to an expert

For more information or advice on data breaches and how you can prevent one, please contact our team of experts.

1Cyber Security Breaches Survey 2018