New analysis of data from the Information Commissioner’s Office (ICO) has shown that the number of data security incidents being reported has risen by a whopping 75% over the past two years.
The analysis, which was carried out by Kroll, a global risk assessment consultancy, combines publicly available ICO data with information obtained under the Freedom of Information Act.
Data security incident spike with human error a key factor
It covers a broad range of commercial and private personal data, including medical information, financial details, employment details, and criminal records details. Worryingly, it is the health sector which has reported the largest number of data breaches.
Inevitably, cyber-attacks by malicious actors are a big factor in these breaches. But Kroll’s analysis suggests they are not the biggest. They found that, of incidents reported in the last year, 2,124 were caused by human error, while only 292 were deemed to be cyber-attacks.
This data is not quite as clear-cut as it may sound. Incidents which have been classified as human error include theft of data from an insecure online location, from an unencrypted device, or in the form of paperwork.
Meanwhile, the largest single type of cyber-attack was classified as unauthorised access, which could just as easily originate internally as be caused by a remote hacker.
One statistic which is clear is that the number of reported incidents has risen rapidly. Kroll suggests a number of possible reasons for this. It could be that data security incidents are indeed on the rise. Other reports have suggested as much.
The role of GDPR
But Kroll also suggests that these figures could indicate that more companies and individuals are now willing to report data security breaches. This could be, at least in part, down to the new requirements that are being placed upon them by the EU’s new General Data Protection Regulation (GDPR).
An example of this can be found in the spike in data security incidents coming from the health sector. In the past two years, reported incidents from this sector have grown by 41%. However, health is one of the sectors which faced a mandatory reporting requirement even before the implementation of GDPR.
Kroll suggests that, with GDPR now in force, there is likely to be a significant spike in these figures next year as more sectors fall under this mandatory reporting requirement.
“Following the introduction of the GDPR, the business case for investing in cyber-defence has never been stronger”, said Andrew Beckett, the Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice.
“Our analysis of incidents reported to the ICO in the UK shows that people are still the critical factor… Effective cyber-security is not just about technology.
“Often, companies buy the latest software to protect themselves, but the majority of data breaches, and even many cyber-attacks could be prevented by human vigilance or the implementation of relatively simple security procedures.”
How to use a VPN to protect against data security breaches
He is absolutely right. Almost any online security expert will tell you that following basic online security procedures and best practice will keep your data secure online in most cases.
Hackers are generally looking for low-hanging fruit and if they come up against encryption or basic security features, most will just look elsewhere. Unless your company has been specifically targeted, standard best-practice security should be enough to protect your online data.
So, what does this best practice entail? It is actually really simple stuff for the most part. Things like using strong passwords on all accounts, not sending sensitive data over unencrypted channels, and not doing work on easy-to-hack public Wi-Fi networks, should be common-sense things but often aren’t.
But perhaps the most important tool to keep your online data safe is to use a VPN whenever you are handling sensitive online information.
By connecting to a VPN server, you ensure that the traffic between your device and that server is encrypted, whatever you are doing online. With a VPN, all of your data is passed through an encrypted tunnel and is therefore inaccessible to hackers on the local network, even if you are using an insecure public Wi-Fi network.
Popular VPNs like ExpressVPN and IPVanish guarantee user security and privacy at all times. Not only is the number of individual VPN users on the rise, but the number of businesses requiring their staff to use a VPN when working from home or remotely is growing too.
This latest analysis shows just how important it is to ensure that individuals are equipped and educated to help keep data secure as well as having the technology to keep hackers at bay. And a VPN should play a crucial role in tackling both of these root causes of many data security incidents.