Skip to main content

Almost half of UK organisations have been reported to the ICO over a breach

(Image credit: Image source: Shutterstock/Wright Studio)

Since the General Data Protection Regulation (GDPR) came into effect two years ago, almost half of UK businesses have been reported to the Information Commissioner's Office (ICO) over a data breach.

This is according to a new report from Apricorn, which also claims a quarter of IT decision-makers reported their own organisations, while a fifth were reported by a third-party.

“The fact that so many businesses are now choosing to notify of a potential breach is positive, but likely precautionary to avoid falling foul of the requirements and any significant financial or reputational ramifications,” commented Jon Fielding, Managing Director EMEA at Apricorn.

The survey also found businesses have attempted to ensure compliance by employing encryption techniques and improved endpoint control. Almost all respondents said their company demands all data held on removable media is encrypted and, for more than half, hardware encryption is standard.

The report does, however, suggest a dose of complacency could hurt businesses going forward. Many said they have no further plans to expand encryption on USB drives, laptops, desktops, mobile devices and portable hard drives.

Despite fines for breaches of GDPR often making headlines, financial penalties appear to be the least of businesses' concerns. Respondents said they are most concerned about damage to brand reputation, costs associated with a data breach, and the loss of customer trust.