The number of data security incident reports received by the Information Commissioner’s Office (ICO) has increased by 75% over the past two years. That’s according to new analysis conducted by Kroll, a global leader in the areas of risk mitigation and investigative services.
The findings, obtained from a request made under the Freedom of Information Act and an in-depth analysis of publicly available ICO data, reveal details of data breaches which have compromised a broad range of individuals’ personal data, including health or clinical information, financial details, employment details and criminal records or endorsements.
Kroll states the increase in reports indicates that organisations have been gearing up for a new era of transparency around data breaches under the European Union’s (EU) General Data Protection Regulation (GDPR), which came into force in May. Kroll expects both the number of reports and the value of fines issued to increase significantly under the EU’s new GDPR, in turn creating much greater regulatory and reputational risks for businesses.
Andrew Beckett, managing director and EMEA leader for Kroll’s Cyber Risk Practice, explained: “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only affords a snapshot into the true picture of breaches suffered by organisations in the UK. The recent rise in the number of reports is probably due to organisations gearing up for the GDPR as much as an increase in incidents. Now that the GDPR is in force, we would expect to see a significant surge in the number of incidents reported as the GDPR imposes a duty on all organisations to report certain types of personal data breach.”