
43% of UK organisations have reported a data breach since GDPR

According to a new report, almost half of UK organisations have had a data breach reported to the Information Commissioner’s Office (ICO) since the General Data Protection Regulation (GDPR) came into effect three years ago. The ICO is the UK’s data protection regulator.

The study of UK IT decision makers from enterprise organisations (1000+ employees) was carried out by Vanson Bourne on behalf of Apricorn[1].

Other findings include:

  • only 33% of organisations reported themselves to the ICO
  • 9% did not know whether a breach at their organisation had been reported to the ICO
  • the threat of a data breach is the concern that troubles UK IT leaders the most (57%) when thinking about data privacy regulations
  • 33% reported difficulties adequately identifying or locating data
  • 31% reported difficulties understanding data obligations
  • 25% reported difficulties adequately securing data.

Worryingly, this lack of cyber-resilience not only makes a data breach more likely, it also makes it difficult for organisations to respond to and recover from a cyber-attack.

Working from home is making data protection challenges tougher

According to the findings, remote/mobile working is also proving challenging.

  • 39% could not be certain that their data was adequately secured
  • 18% don’t have a good understanding of which data sets need to be encrypted
  • 15% have no control over where company data goes and where it is stored.

With changes to working patterns accelerated by the coronavirus pandemic, implementing a robust cybersecurity plan for WFH (working from home) must be a priority for all organisations, especially as, according to another report, 74% of UK consumers would not shop with an organisation if they were aware that it had been the subject of a data breach or hack in the last 12 months[2].

How to improve data resilience & prevent data breaches

The Apricorn report does provide some key recommendations to help organisations enhance their data security. These are:

  • employee education
  • encrypting all corporate data as standard
  • mandatory offline back-ups
  • gaining up-to-date visibility of all data.

At Keller Postman UK, we would also advise organisations to invest in cyber security insurance.

Why is cyber insurance necessary?

Until the GDPR, the impact of a data breach on business, while damaging, probably wasn’t too bad for big corporations due to the relatively low level of fines that could be issued. But, since the introduction of the GDPR, fines have skyrocketed.

For example, in 2020 the ICO fined British Airways £20 million, and Marriott £18.4 million for high-profile data breaches.

Despite the threat of fines, many UK organisations are still failing to insure themselves against data breaches. In fact, according to the Association of British Insurers (ABI), only 11% of UK companies are said to have specific cyber insurance.

But standard insurance policies do not cover cyber risk, so every business must now consider cyber insurance as a preventative measure in the face of hackers. If a group action data breach claim is made against a company, and it is found liable for data privacy errors, the consequences of not being covered could be catastrophic.

Contact Keller Postman UK to discuss a data breach claim.

[2] https://pressreleases.responsesource.com/news/100273/people-will-avoid-festive-shopping-with-brands-that-have-experienced/

Published by Keller Postman, 3 years ago
