Figures obtained from the Information Commissioner’s Office (ICO) show huge growth in the number of self-reported data breaches each year since 2007.
According to the data, local government data breaches have increased by 1609%, with the next largest increases coming from other public sector organisations (1380%) and the private sector (1159%). Data breaches in the NHS have increased by 935%, and central government breaches are up by 132%. The average increase across all eight recorded sectors since 2007 is 1014%.
From November 2007 to November 2008, local governments reported just 11 data breaches, but by 2012 this figure had grown to 188. In addition to local government, the ICO also recorded breaches within the categories of central government, NHS, other public sector, private, telecoms, third sector and “other.” Of all recorded sectors, only telecoms showed a decrease in the number of data breaches from year to year, falling from 6 breaches in 2010/11 to zero in 2011/2012.
Since the start of Q2 2012, the ICO has been recording more detailed information on data breaches, expanding the categories to include more industry sectors. The most recent results show that the NHS had the most incidents in Q2 2012 with 61 breaches, closely followed by local government (59), with general business (26) ranked third.
The ICO recently released separate figures showing that it had issued almost £2 million of fines in the 12 months leading up to July 2012, more than three times the amount of penalties handed out the previous year. That period included a new record fine, and the ICO’s first fine issued to the NHS.
“The massive increase in data breaches in just five years is fairly startling,” says Nick Banks, head of EMEA and APAC, Imation Mobile Security, “but perhaps more alarming is the consistent year-on-year increase in data breaches since 2007. The figures obtained from the ICO by Imation seem to show that increasing financial penalties have had little effect on the amount of data breaches each year.”
“Undoubtedly there are some mitigating circumstances which have contributed to the rise in annual data breach numbers, such as the introduction of mandatory reporting in certain sectors, plus the increasing amounts of data being stored and accessed. But none of these factors obscures the clear trend of constant increases. The latest full-year figures show that there were 821 data breaches in the UK in 2011/2012, which is deeply worrying. Organisations must take responsibility for preventing breaches, and with so much available technology there really is no excuse for failing to adequately protect data. The current trend of increases must be reversed, and there is no reason why that is not achievable.”