Financial services failing to address data breach risk

The UK’s Information Commissioner’s Office (ICO) has released new data identifying the sectors with the worst records for data breaches, with the finance, credit, and insurance sector among the top offenders.

Analysis of the figures by UK data breach solicitors, Hayes Connor, has uncovered the industries most affected by data breaches. They analysed the ICO’s ongoing data security report, which shows how businesses have been conforming to GDPR since its inception.

The findings have revealed the sectors with the highest percentage of data breaches since the ICO began recording their data in 2019. The worst affected sectors, and the percentage of data breaches associated with each, are:

  1. Health, 19%
  2. Education & Childcare, 14%
  3. Retail & Manufacture, 9%
  4. Local Government, 9%
  5. Finance, Insurance & Credit, 9%
  6. Legal, 8%
  7. General Business, 7%
  8. Charitable & Voluntary, 5%
  9. Central Government, 4%
  10. Land or Property Services, 4%

Hayes Connor’s study found the health sector accounted for the largest share of total data breaches, at almost 1 in 5 cases since 2019.

Interestingly, the education and childcare sector came in second place, making up almost 1 in 7 cases. Joint third with the finance, insurance, and credit sector were local government and retail, each making up just under 1 in 10 cases. This amounts to around 2,929 data breaches within each of the third-place sectors, out of the total 32,541 data breaches, since 2019.

The report also analysed the types of data that had been breached within the different sectors. The research found that basic personal identifiers were the most commonly breached type of data within the finance sector, at 74%. The second most common type was economic and financial data, at 37%.

Christine Sabino, Legal Director at Hayes Connor, said, “What’s concerning is the public puts a lot of trust in industries such as the health, government, and education sectors, with the expectation that their data is going to be handled securely.

“With so many of these data breaches being caused by human error, it’s very clear that these industries are in dire need of data handling training, at the very least. With Computer Security Day on 30 November, now is the ideal time for businesses to rethink their data handling practices.”

The findings also showed the different incident types behind the data breaches. The number one cause of data breaches within the finance sector was data being emailed to incorrect recipients, with 569 cases in total. There were also 509 cases of data being posted or faxed to the incorrect recipient, and 415 cases of phishing.

It is important to bear in mind that part of the 2018 GDPR regulations requires businesses to report a data breach within 72 hours. Failure to notify a breach when required to do so can result in a significant fine of up to £8.7m or 2 per cent of your global turnover.

“Rather concerningly, in the finance, credit and insurance sector, it’s taking over 72 hours to report 37% of their data breaches. This is leaving the sector vulnerable to large fines,” added Sabino.