Almost half of organisations have been reported to the ICO for a potential data breach

14.05.2020 01:52 pm


Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced findings of its annual survey into attitudes towards data breaches and the implementation of encryption technology within organisations. Almost half (43 per cent) of surveyed IT decision makers said that their organisation has been reported to the ICO since the General Data Protection Regulation (GDPR) came into effect. The survey also highlighted an increase in the implementation of encryption and endpoint control since GDPR was enforced.

A quarter of respondents (25%) said they had notified the ICO of a breach or potential breach within their organisation, whilst 21 per cent have had a breach or potential breach reported by someone else. Over 160,000 breach notifications were made to data supervisory authorities in the European Economic Area (EEA) between GDPR coming into effect and the end of January 2020, according to a data breach survey carried out by law firm DLA Piper.

“The fact that so many businesses are now choosing to notify of a potential breach is positive, but likely precautionary to avoid falling foul of the requirements and any significant financial or reputational ramifications,” commented Jon Fielding, Managing Director EMEA, Apricorn.

However, these concerns are being mitigated by an increase in encryption and endpoint control. Nearly all respondents (94%) say their organisation has a policy that requires encryption of all data held on removable media. Of those that encrypt all data held on removable media, more than half (57%) hardware encrypt all information as standard on all removable media.

Of those with an information security strategy that covers employees’ use of their own IT equipment for mobile/remote working, 42 per cent said they permitted only corporate IT provisioned/approved devices and have strict security measures in place to enforce this with endpoint control. This is a huge rise compared with 12 per cent in 2019, highlighting a positive shift in focus towards endpoint control.

When questioned on whether they had seen an increase in the implementation of encryption in their organisation since GDPR was enforced, nearly four in ten (39%) have noticed an increase, and their organisation now requires all data to be encrypted as standard, whether it's at rest or in transit. This is a positive step given the number of employees now working remotely as a result of the current pandemic.

Whilst many businesses are currently encrypting devices, they also highlighted that they have no further plans to expand encryption on USB sticks (38%), laptops (32%), desktops (37%), mobiles (31%) and portable hard drives (40%). This is worrying given the risks posed to corporate data being held on unencrypted devices. Businesses should allow only corporately approved, hardware-encrypted devices that are whitelisted on the IT infrastructure, and block access to all non-approved media through endpoint control.

“The wide variety of options for encryption deployment can be intimidating, and companies haven’t been using it effectively. Organisations are now beginning to recognise the importance of endpoint hardware encryption and the need to implement and enforce policies to protect corporate data, ensure compliance with data protection regulations, and reduce the potential for a data breach,” points out Fielding.

When asked about the impact of a data breach on their organisation, more than a third (35%) of respondents cited damage to the brand and reputation of the business as their main concern. This was followed by concerns over financial costs for incident response and clean-up (28%), loss of customer trust (18%) and financial costs resulting from a fine (12%).

“Focusing on how best to manage and respond to a potential breach in cooperation with data protection authorities is essential. Being able to establish a cause and remediate quickly will put businesses in good stead for breach recovery,” added Fielding.

Employees unintentionally putting data at risk remains the leading cause (33%) of a data breach, with lost or misplaced devices now the second biggest cause (24%), and third parties mishandling corporate information not far behind (23%). This correlates with the fact that despite more than a third (35%) of the survey respondents having complete visibility of which devices employees are using to access the corporate network, they are not certain that all are secure.

Fielding said: “It’s clear that GDPR is finally having some impact, but businesses need to recognise that compliance is ongoing and they should continue to enforce and update all policies. Equally, more needs to be done in terms of employee awareness and education if they want to reduce the risk of a data breach, particularly given the increase in data moving beyond the corporate network.”
