Context
The ICO has published statistics regarding data security breaches on a page containing information reported to it. The information is published to help organisations understand what to look out for and help them to take appropriate action.
Data security incidents occur when organisations do not have “appropriate technical or organisational measures” to protect the personal data they hold. This is a requirement of the UK General Data Protection Regulation (UK GDPR), under Principle (f): Integrity and confidentiality (security). Such incidents are a major concern for those affected and a key area of action for the ICO. Organisations are required to report breaches within 72 hours of discovery under Article 33 of the UK GDPR.
Key points to note
The figures are reported in an embedded dashboard based on the number of reports of personal data breaches received by the ICO up to Q2 2023. The data is presented in calendar years and quarters.
- During April to June 2023:
  - 2,893 incidents were reported to the ICO
  - Ransomware was the most common incident type reported (17% of incidents reported)
  - Finance, insurance and credit was the most common sector for incidents (17% of total reported)
  - 40% of incidents involved the personal data of fewer than 10 people
Next actions
None – for information and awareness.