In a new presentation on data breaches, the Information Commissioner's Office (ICO) said that 73 cyber incidents had been reported to it during the months of July, August and September this year. There were 50 cyber incidents reported to the ICO across April, May and June, according to statistics previously published by the watchdog.
"There were a total of 598 data security incidents reported to the ICO in the second quarter of this financial year," the ICO said in its presentation. "There has been a lot of interest in relation to cyber incidents recently, and 73 of these reports related to cyber incidents – such as hacking, misconfiguration and denial of service attacks. Cyber risks don’t just affect large companies like TalkTalk, who received a £400,000 fine in September. These risks are present for any data controller who holds personal data electronically."
"We were asked recently whether data controllers will ever be able to keep up with the attackers – or will they always lag behind. An important thing to take from today is that most of the technical attacks we have seen have not involved state of the art technology. They’ve been straightforward attacks that the data controllers could have prevented fairly easily," it said.
The ICO said, though, that data posted or faxed to the wrong recipient and loss or theft of paperwork remain the most common type of security incident reported to it. During July, August and September, there were 114 incidents reported to the ICO where data was incorrectly posted or faxed to the wrong person, and there were 82 data loss or theft incidents.
The ICO said that all types of data security incidents should be considered to be "boardroom issues".
"They need to be addressed from the top, by embedding a culture of data protection compliance within organisations," it said.