Netimperative

GDPR 3 years on: 43% of UK organisations reported to the ICO for a data breach

July 20, 2021

Almost half (43%) of UK organisations have had a data breach (actual or potential) reported to the ICO since GDPR came into effect, according to a survey.

The study, from Apricorn, a manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, found that one third (33%) notified the ICO themselves, while 10% were reported by somebody else.

A further 9% of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO.

The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57% of respondents. Addressing the variety of threats to data is next on the list (42%).

The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33%), understanding data obligations (31%), and adequately securing data (25%).

In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39% of IT leaders admitted they cannot be certain that their data is adequately secured, 18% said they don’t have a good understanding of which data sets need to be encrypted, and 15% have no control over where company data goes and where it is stored.

Jon Fielding, Managing Director EMEA of Apricorn, says: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”

Resilience can be enhanced by focusing on four areas:

• Employee education. As detailed in the recent security incident trends report from the Information Commissioner’s Office (ICO), insider risk is the biggest contributing factor in the majority of data breaches. It is critical that employees understand their responsibilities in protecting the information they have access to, in line with their corporate security policy. Wherever possible, policy should be automated and enforced through technology, such as endpoint controls that lock USB ports so that they only accept corporate-approved devices.
• Encrypting all corporate data as standard. This is a vital compliance tool: evidence that information was properly secured reduces a company’s obligations under GDPR while ensuring that any breached data can only be accessed by someone with the authority to do so.
• Mandate offline back-ups. Whether done centrally and/or by each employee backing up locally to a corporate-approved encrypted storage device, this ensures data can always be recovered while providing a line of defence against ransomware attacks.
• Gain up-to-date visibility of all data. Companies must be able to map their data’s lifecycle from collection to deletion, including who has access and whether it has been or could be put at risk. This enables a fast and accurate response to incidents – and to regulators’ questions.

Apricorn’s survey highlights that organisations recognise the importance of company-wide data encryption, with 31% of respondents noting that their company now requires all data to be encrypted as standard, whether it’s at rest or in transit, and a further 24% when it’s being stored on their systems or in the cloud. Three quarters (77%) confirm their organisation has a policy of encrypting all data held on removable media.

Jon Fielding continues: “We expect cyber-attacks will continue to rise, as hackers take advantage of employees once again getting to grips with a new way of working. By providing employees with removable USBs and hard drives that automatically encrypt all data written to them, companies can give everyone the capability to securely store data and move it around offline. These devices can also be used to back up data locally, mitigating the risk of targeting in the cloud, and helping the business to get up and running again fast following a breach or other disruptive event.”

About the survey

The research was conducted during March 2021, by Vanson Bourne. Respondents were 100 UK IT decision makers (CIOs, Heads of IT, IT directors, Senior IT managers etc.) from enterprise organisations (1000+ employees) including financial services, IT, manufacturing, business and professional services.
