Data Breaches

What is a data breach?

A data breach is a compromise of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to protected data.

A data breach can occur when personal information is mishandled, whether through carelessness, theft, or malicious intent. Once a data breach has occurred, individuals whose information has been compromised may be at risk of identity theft, fraud, or other malicious activity.

Organisations that suffer a data breach may also face legal action, reputational damage, and financial losses.

Since the GDPR (General Data Protection Regulation) came into force, all organisations are legally required to report certain types of personal data breach to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware of the breach.

43% of businesses have experienced a cyber security breach or attack in the past 12 months.1  It’s time to get serious about defending your data.


Free pdf download: 2018 Data Breaches

Data breaches at a glance

98%

of businesses rely on some form of digital communication or service

43%

of businesses identified cyber security breaches or attacks in the last year

£16.1k

the average cost of a data breach for a medium-sized business

What are the biggest data breaches?

Organisation

Number of compromised records

Date

Yahoo 3 billion December 2014
Marriott Hotels 383 million November 2018
Equifax 145.5 million July 2017
Facebook 50 million September 2018
Dixons Carphone 10.2 million July 2017
British Airways 500,000 September 2018
Wonga 270,000 June 2018
Ticketmaster 40,000 April 2017

Why do data breaches happen?

Data breaches aren’t just the result of cyber attacks. There can be many other causes:

  • Weak and stolen credentials:

    Many websites use off-the-shelf software, applications, and plugins, which often contain vulnerabilities that can be exploited by criminal hackers.
  • Application vulnerabilities:

    Common website and web application security issues include potential for injection, privilege escalation and cross-site scripting. 
  • Malware:

    Designed to disrupt and gain unauthorised access to a computer system, malware encompasses Trojans, social engineering, worms, viruses, and spyware.
  • Employee negligence:

    Human error accounted for 88% of incidents reported to the ICO in 2017/18.

How can data breaches be prevented?

Data breach prevention isn’t as simple as just installing antivirus software. Your ability to avoid a breach relies on three pillars: people, processes, and technology.

  • Start with your staff:

    Improving security training for employees is the best defence against cyber attacks. Find out how you can familiarise your staff with the basics of information security with our GDPR and Data Protection Act 2018 Staff Awareness E-learning Course.
  • Implement basic cyber security measures:

    Cyber Essentials is a framework that is suitable for small organisations and can help prevent up to 80 % of cyber attacks through the implementation of five basic controls.  
  • Follow a proven information security framework:

    Implementing an ISMS (information security management system) provides a systematic approach to protecting and managing your organisation’s information through effective risk management and is a more comprehensive approach to information security than Cyber Essentials.
  • Tighten up your technology:

    All organisations should have the following technologies in place:
    • Firewalls
    • Intrusion prevention
    • Switched networks
    • Malware/ virus protection
    • Log file consolidation
    • System monitoring
    • Single sign-on
    • Data leakage prevention
    • Spam filtering

How we can help you prepare for and respond to a data breach

GDPR notification requirements are complicated but complying with them needn’t be. Our Breach Management as a Service will help you respond quickly and effectively to a data breach to meet the Regulation’s 72-hour notification requirement.

Find out more

What makes us different

  • We have an in-depth understanding of the GDPR’s requirements and how they can be met.
  • We provide a complete compliance support service to help your organisation achieve GDPR compliance. 
  • Our specialist team has extensive data protection and information security management project expertise, both in the UK and internationally.
  • We provide a total cyber resilience solution, comprising books, toolkits, software, consultancy, penetration testing, training and audits.
  • We are the pioneer of ISO 27001, having led the world’s first successful implementation project.
  • Our vast technical expertise, combined with extensive experience implementing frameworks and standards across a broad range of industries and countries, means we are unrivalled in our depth and breadth of services.
  • We work with your organisation to tailor services that meet your budget and business objectives.

Find out how we can help you prepare for and respond to a data breach

1Cyber Security Breaches Survey 2018

LEARN
FOR LESS
SAVE 25%