Data Security Incident Trends by the ICO

The Information Commissioners Office (ICO) gather their data from various channels.

"Information about security incidents comes to us from a variety of sources, including self-reports from data controllers, media reports, whistle-blowers and reports from data subjects".

2017/18 1st Quarter Stats Update

A 27.59% decrease of incidents in the Charity Sector in Qtr 1 of 2017, compared to Qtr 1 of 2016.
 
The Charitable and Voluntary sector was the 'Eighth' most prevalent sector, for data security incidents reported to the ICO between April and June 2017, which saw 21 incidents (down from 'Sixth' in the last quarter of January to March 2017 and 27 incidents) a decrease from the 29 incidents reported between the same period of 2016.
Image of the Tip of an Iceberg

'Tip of the Iceberg' Where is Yours?

The statistics presented below, whilst they don't seem of huge numbers that you maybe at first glance expecting - IS Know How believe, that is because it is literally the very tip of a no doubt very large iceberg, caused by a very many multitude of factors, that are often also evolving.

Most of us have heard of the phrase “It is just the tip of the iceberg” right?  Well, this such phrase reflects the fact that 90% or more of an iceberg is actually underwater. This means that the actual shape or dimensions below the surface, are often incredibly difficult to ascertain. 

It is actually what is below the surface that is of much more concern and interest to IS Know How, where this is just one of the many areas for further investigation by us going forward.

Additionally, with what ISKH is working towards achieving in various areas, it will undoubtedly take some time till we know exactly how wide, deep and solid this below the surface area of the 'Third Sector Data & Cyber Security' iceberg actually is. It is however, a nevertheless a start and a good one at that.

ICO Cyber Incident Classification in their Statistics

Recently, the ICO has "changed the way in which we categorize cyber incidents, to provide a more detailed and useful summary of the different types of issue we are seeing."

This is actually great news, as it will aid showing business owners and those of Third Sector Organisation's; that having a positive, stringent and up to data Data Protection Act implementation within your organisation, can and does help to reduce your Cyber / Data Security Risks.

Source: Information Commissioners Office (2016) (External Link)

ICO 2016 Qtr1 Cyber Incidents by Type Image

Data Security Incident Trends by Sector Overview

"Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations) are a major concern for those affected and a key area of action for the ICO. We have published this information to help organisations understand what we’re seeing and take appropriate action".

It is also worth noting that the ICO state:

"Other principle 7 failures' are security incidents that cannot be categorised as one of the other types. Examples include failure to password protect emails containing personal information and processing personal data relating to work on a non-business computer."

Source: Information Commissioners Office (2016) (External Link)

2016 - 1st Quarter Data Security Incident Trends by Sector Image

Fig 1. “Data Security Incident Trends | ICO.” 2016. Accessed September 3. https://ico.org.uk/action-weve-taken/data-security-incident-trends/

The above is a broader overview, just to ease you in to the kind and level of information that the Information Commissioner's Office deal with and deliver to us all. However and of course, IS Know How is specifically interested in both the present and the future, of building a deep analysis of all things Cyber & Data Security related to the UK's Third Sector, including Charities and Social Enterprises.

2017/18 Data Security Incident Trends by Type - Charitable & Voluntary

2017 1st Quarter Data Security Incident Trends Statistics Image

ICO 2017 Qtr1 ICO 2017 Qtr1

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Figs 10, 11 & 12. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2017. Accessed September 30. https://ico.org.uk/media/action-weve-taken/csvs/2014850/data-security-incidents-csv-201718.xlsx

*Not Reached this period as yet, come back post this quarter of 2017/18* 

*Not Reached this period as yet, come back post this quarter of 2017/18*

 *Not Reached this period as yet, come back post this quarter of 2017/18* 

2016/17 Data Security Incident Trends by Type - Charitable & Voluntary

2016 1st Quarter Data Security Incident Trends Statistics Image

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 6. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2016. Accessed September 3. https://ico.org.uk/media/action-weve-taken/csvs/1624266/data-security-incidents-by-sector.csv

ICO 2016 Qtr2 Trends

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 7. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2016. Accessed January 2017. https://ico.org.uk/media/action-weve-taken/csvs/1625494/data-security-incidents-trends.csv

ICO 2016 Qtr3 Trends

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 8. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2017. Accessed January 2017. https://ico.org.uk/media/action-weve-taken/csvs/2013383/data-security-incidents-201617.xlsx

ICO 2016/17 Qtr4 Trends 

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 9. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2017. Accessed June 2017. https://ico.org.uk/media/action-weve-taken/csvs/2013383/data-security-incidents-201617.xlsx

2015/16 Data Security Incident Trends by Type - Charitable & Voluntary

2015 1st Quarter Data Security Incident Trends Statistics Image

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 2. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2016. Accessed July 21. https://ico.org.uk/media/action-weve-taken/csvs/1624266/data-security-incidents-by-sector.csv

2nd Quarter Data Security Incident Trends Statistics Image

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 3. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2016. Accessed July 21. https://ico.org.uk/media/action-weve-taken/csvs/1624266/data-security-incidents-by-sector.csv

3rd Quarter Data Security Incident Trends Statistics Image

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 4. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2016. Accessed July 21. https://ico.org.uk/media/action-weve-taken/csvs/1624266/data-security-incidents-by-sector.csv

4th Quarter Data Security Incident Trends Statistics Image

*If Viewing On Smaller Devices - Pinch Zoom To View The Above Image In Larger Aspect*

Fig 5. Excerpt Data created from “Data Security Incidents by Sector | ICO.” 2016. Accessed July 21. https://ico.org.uk/media/action-weve-taken/csvs/1624266/data-security-incidents-by-sector.csv

2015-17 ICO Data Security Incident Annual Trends for Charitable & Voluntary

ICO Data Security Incident Trends Year on Year Stats

Fig 1. “Data Security Incident Trends | ICO.” 2016. Accessed September 3. https://ico.org.uk/action-weve-taken/data-security-incident-trends/

Key Data Security Issues for Charitable & Voluntary Sector in Q1 2016/17

The ICO state that the above points to the main issues for the charitable and voluntary sector were:

  • Cyber incidents – 31% of incidents.
  • Loss or theft of paperwork – 21% of incidents.

Source: Information Commissioners Office (2016) (External Link)

What Next?

Please now go to the following IS Know How  ICO Data Protection Training Video's page and read through the ICO's information that we're reiterating for this and your benefit.

Charitable & Voluntary Data Security Incident Trends

You may also be interested to read the statistics that IS Know How have extrapolated from the ICO's Quarterly based Data Security Incident Trends and specifically for 'Charitable & Voluntary' that they provide for "Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations)"

Disclaimer:

ISKH is in no way affiliated with, or working on behalf of the Information Commissioners Office. ISKH is quite simply putting forward the importance of compliance to our target audience(s). Also to support the ICO's drive to show that Data Protection Act compliance, has a positive impact on a business or organisations Cyber / Data Security Positioning. Any externally linked ICO content in the ISKH website, including PDF documents or video media, is offered for information purposes only, as is.


Print   Email