If there’s one thing General Data Protection Regulation (GDPR) did for sure, it gave us a clearer picture of the UK cybersecurity landscape.
CybSafe’s new report says that more security breaches were reported to the Information Commissioner’s Office (ICO) in 2019 than in any previous year. A total of 2,376 reports were made, compared with 1,854 in 2018, and 540 in 2017.
The report shows that there was a 28 per cent increase in the number of reported incidents between 2018 and 2019.
In particular, reports of phishing skyrocketed, rising from 16 reports in 2017, to 877 in 2018, to 1,080 in 2019. Of all of the incidents reported to the ICO in 2019, 45 per cent were related to phishing.
Other notable methods included unauthorised access (791 reported incidents), malware/ransomware (243), hardware and software misconfiguration (64), and brute force password attacks (34).
“With GDPR causing a massive surge in reporting during 2018, we might have expected that reports to the ICO would taper off in 2019 - but this wasn’t the case,” commented Oz Alashe, CEO of CybSafe.
“2019 surpassed the numbers achieved in the previous year quite dramatically. In terms of human error data breaches, it was a particularly significant year. As for lessons learned, there’s a lot to take away from these figures. As a nation, we can’t begin to address cyber risk if we only concentrate on technical threats. The human side of the equation is so important. Simple attacks, especially social engineering attacks, continue to dominate the threat landscape. And it’s hard to see that situation changing significantly in the next few years.”
GDPR is a European data protection and privacy regulation introduced in 2018, concerned primarily with the ways businesses store, exchange and use information.