Almost half of firms 'reported to the ICO for data breach'

New research has revealed that almost half (43 per cent) of surveyed IT decision-makers said that their organisation has been reported to the Information Commissioners' Office since the General Data Protection Regulation (GDPR) came into effect.

Apricon, a manufacturer of hardware-encrypted USB drives, commissioned Censuswide to interview 100 UK CIOs, heads of IT, IT directors and senior IT managers from enterprise organisations within the financial services, IT, manufacturing, business and professional services sectors.

It found that a quarter of respondents said they had notified the ICO of a breach or potential breach within their organisation, whilst 21 per cent have had a breach or potential breach reported by someone else.

Over 160,000 breach notifications have been made to data supervisory authorities in the European Economic Area (EEA) since GDPR came into play, according to a data breach survey carried out by law firm DLA Piper, up to the end of January 2020.

“The fact that so many businesses are now choosing to notify of a potential breach is positive, but likely precautionary to avoid falling foul of the requirements and any significant financial or reputational ramifications,” commented Jon Fielding, EMEA managing director at Apricorn.

However, these concerns are being mitigated by an increase in encryption and endpoint control. Nearly all respondents (94 per cent) said their organisation has a policy that requires encryption of all data held on removable media. Of those that encrypt all data held on removable media, more than half (57 per cent) hardware encrypt all information as standard on all removable media.

Of those with an information security strategy that covers employees’ use of their own IT equipment for mobile/remote working, 42 per cent said they permitted only corporate IT provisioned/approved devices, and have strict security measures in place to enforce this with endpoint control - compared with 12 per cent when the survey was carried out in 2019.

When questioned on whether they had seen an increase in the implementation of encryption in their organisation since GDPR was enforced, 39 per cent said they had noticed an increase.

When asked about the impact of a data breach on their organisation, more than a third (35 per cent) of respondents cited that damage to the brand and reputation of the business is their main concern. This was followed by concerns over financial costs for incident response and clean-up (28 per cent), loss of customer trust (18 per cent) and financial costs resulting from a fine (12 per cent).

“Focusing on how best to manage and respond to a potential breach in cooperation with data protection authorities is essential - being able to establish a cause and remediate quickly will put businesses in good stead for breach recovery,” added Fielding.

Employees unintentionally putting data at risk remains the leading cause (33 per cent) of a data breach, with lost or misplaced devices now the second biggest cause (24 per cent), and third parties mishandling corporate information not far behind (23 per cent). This correlates with the fact that despite more than a third (35 per cent) of the survey respondents having complete visibility of which devices employees are using to access the corporate network, they are not certain that all are secure.

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.