" It doesn't matter whether you are big or small. If you have an IP address and are connected to the internet, you are fair game as far as hackers and cyber-criminals are concerned. "

Nick Prescott, Information Security Manager, Blackthorn Technologies

Dubbed 'The Year of the Data Breach', 2014 saw a steady stream of serious, in some cases record-breaking, data breaches hit the headlines. Some of the world's major household names were hit by cyber-attacks but, although many of those breaches will undoubtedly have affected UK customers, none of the top breaches in terms of the volume of exposed records involved UK-specific organisations.

So, was 2014 'The Year of the Data Breach' in the UK and, more importantly, how has the seemingly endless procession of data breach cases during the last 12 months changed both business and public perceptions?

2014: The Year of the UK Data Breach?

There is ample evidence to suggest that the UK market did indeed follow the upward global trend.

Research commissioned by Experian and carried out by Comres found that almost one fifth of UK organisations (17%) suffered at least one breach in the last two years.

Meanwhile, over the course of the year, the Information Commissioner's Office (ICO) issued warnings to a number of sectors, including the legal and healthcare professions, pointing out that data breach incidence was steeply on the rise. In its annual report for 2013/14, the ICO also revealed that it had "...been processing record numbers of complaints, answering more questions on our help line, and concluding more enforcement actions than ever before."

Finally, a Freedom of Information Request from Egress Software also revealed a surge in the number of reported data breaches in the UK – comparing reported breaches between April and June 2013, and the same period in 2014. The figures obtained from the ICO – which also suggested a "worrying increase in data breaches as a result of human error" – showed that data breach events were on the rise across the board; for example:

It is fair to say, then, that 2014 may indeed have been the year of the data breach in the UK – but, at the same time, the steep rise in breach events did not perhaps garner the kind of media coverage that can help to increase organisations' awareness and encourage them to take the risks seriously.

In fact, most breaches that become public knowledge in the UK affect big, US-based global brands and take place in jurisdictions like the US, where mandatory notification practically guarantees media coverage. The converse is true in the UK. We have seen an upsurge in the rate of UK businesses affected by data breaches, but media coverage of UK-specific breaches has been minimal – arguably because notification is, for the most part, not mandatory.
