Data breach reports drop 20% due to Covid-19, ICO says


The Information Commissioner’s Office (ICO) has revealed that there was a 20% fall in personal data breach reports during financial year 2020/21.

The figures, which were published in the ICO’s annual report, revealed a drop from 11,854 in FY2019/20 to 9,532 in FY2020/21.

The report cites the Covid-19 pandemic as the primary reason for this decline, and also notes the effect of new mandatory breach reporting in sectors that handle large volumes of personal data.

The healthcare industry reported the highest number of data breaches, the report revealed, making up 16.8% of all personal data breaches reported to the ICO in the last financial year. Education and childcare came in second with 1,160 incidents, making up 13.6%.

Behind those, retail and manufacturing were next at 10.9%, financial insurance and credit made up 10.5%, and local government was fifth with 8.8% of reported cases.

According to the ICO, a huge 71.4% of those reported personal data breaches led to no further action, while 21.6% were investigated further. The report also added that 3.9% of personal data breaches led to informal action being taken, while 0.1% actually led to formal action – which included administrative punishment or a lower-tier fine.

Despite the surprising decline in personal data breach incidents, Chris Ross, SVP Sales International for Barracuda Networks, says business owners and workers must not get complacent.

“Despite what the figures suggest, cyber-attacks targeting remote workers and businesses have increased in intensity over the last 18 months,” he commented.

“This is particularly because more employees were working from home for the first time, and thus more sensitive data has been handled across email, cloud storage and personal devices than ever before, presenting a gold mine of opportunity for hackers.”

He added that a general lack of security provisions and training throughout remote working also contributed to a number of bad and dangerous habits among some employees.

“Our recent research even revealed that malicious emails spend, on average, 83 hours in an employee’s inbox before it is detected or resolved, and perhaps most worryingly, nearly 1 in 30 will click on a link in a malicious email, potentially compromising important business data in doing so,” he added.

“Therefore, businesses must ensure that all employees are provided with regular and tailored security training, so that they can appreciate the seriousness of this threat and react accordingly.”

Daniel Todd
