By Jake Olcott, VP of Strategic Partnerships at BitSight
After years of debate over whether to impose new cybersecurity regulations on companies, the General Data Protection Regulation (GDPR) went into effect in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules, and cookie disclosure notices are popping up on more websites than ever.
Everyone is waiting with bated breath for the first report from the Information Commissioner’s Office (ICO) to be issued after the implementation of GDPR, in order to understand the magnitude of breach reporting.
The most recent report from the Information Commissioner’s Office (ICO) has revealed a 29% increase in the number of reported data security incidents, from 3146 between April and June 2018, to 4056 from July to September 2018. This demonstrates a 490% increase compared to the same quarter in 2017. This doesn’t necessarily mean that organisations are experiencing more incidents, but it does mean that more are now being reported, as organisations try to tread carefully.
This has inevitably been fuelled by GDPR, as well as by the significant data breach incidents that recognisable brands have suffered. The increase is also likely due to the new data breach notification requirements under GDPR, which require organisations to report incidents within 72 hours of becoming aware of them.
Drilling into the statistics, most data breach incidents are down to people, processes and inadequate policies. These frequently involve internal users making mistakes, including the incorrect disclosure of data; this accounted for 62% of all data incidents between July and September 2018.