Off the rails?
In our blog post on the importance of preparing a data breach incident response plan, we highlighted the results of the Information Commissioner’s Office data security incident trends report for Q4 2023, which revealed a 33% increase in the number of incidents reported to it, with reported cyber incidents increasing by 57%. Only those security breaches relating to personal data which are likely to pose a risk to the rights and freedoms of individuals are subject to mandatory reporting requirements under Article 33 UK GDPR. These figures were supported by the results of The Department for Science, Innovation and Technology’s Cyber Breaches Survey 2024, which revealed that half of businesses (50%) and around a third of charities (32%) reported having experienced some form of cyber security breach or attack in the last 12 months.
Notwithstanding the previous government’s National Cyber Security Strategy 2022, which had the stated ambition that by 2025 “A greater number of UK businesses and organisations are proactively managing their cyber risks and taking action to improve their cyber resilience”, the DSIT Cyber Breaches Survey 2024 disclosed that only 31% of businesses and 26% of charities had conducted their own cyber security risk assessment in the previous year. Even fewer, just 11% of businesses and 9% of charities, had reviewed the risks posed by their immediate suppliers.
Far from showing that this ambition is on track to be achieved, the Information Commissioner’s Data Security Incident Trends report for Q1 2024 indicates that the number of reports increased by 21% compared to Q1 2023, with cyber incidents increasing by 33%. Concerningly, brute force attacks increased by 85%, suggesting that rudimentary security practices, such as implementing appropriately strong passwords and multi-factor authentication, are still not being widely adopted.
The new Labour government has committed to launching a Strategic Defence Review within its first year of government, in part to address the threat of “hybrid-warfare”, including cyber-attacks and misinformation, as well as a new fraud strategy encapsulating online threats. It is therefore imperative that there is a greater impetus for directors and trustees to understand and proactively manage cyber security and information risks.