UK Government praises GDPR as cyber security breaches fall, as top lawyer issues warning

GDPR has helped create a fall in cyber security breaches says the government, but companies need muscle memory to grapple with the problem says a top cyber lawyer Cyber security breaches fall, is it thanks to GDPR? image

They are down, but this isn’t a reason to celebrate: cyber security breaches are getting more complicated. According to new statistics from the Department for Digital, Culture, Media and Sport, 32% of businesses identified a cyber security breach or attack in the last 12 months – down from 43% the previous year.

That may seem like a reason to celebrate, but then the data also reveals that among organisations that were attacked, the median number of cyber security breaches has risen from four to six.

It seems cyber security breaches and attacks are getting more concentrated.

The cost has gone up too, the average cost of a cyber attack on a business has gone up by more than £1,000 since 2018 to £4,180.

Data breaches Its not just digital, physical data breaches matter too

Whilst digital data breaches can be catastrophic, businesses cannot dismiss or neglect the effect a physical data breach can have, Ciaran Walsh gets physical as he takes up the story

So it seems the headline figures about fewer organisations falling victim to attacks hides behind a thin veneer.

The government says that GDPR is one of the reasons for the fall.

“The reduction is partly due to the introduction of tough new data laws under the Data Protection Act and the General Data Protection Regulations (GDPR). 30% of businesses and 36% of charities have made changes to their cyber security policies and processes as a result of GDPR coming into force in May 2018.”

Maybe that is right, but the stats also show that 48% of businesses and 39% of charities who were breached or attacked, identified at least one breach or attack every month.

Information Age would like to suggest the problem is that cybercriminals are getting more sophisticated and that maybe they are only attacking organisations after carrying out extensive research into their victims first — so from their point of view, attacking fewer organisations, meaning few organisations falling victim to cybersecurity breaches makes sense.

Average fine for data breaches doubles to £146,000 in just a year

The average value of fines issued by the UK’s data watchdog doubled over the last year to reach £146,000, according to new research released today by London-based professional services firm RPC

Mark Deem, who heads the cyber team at legal practice Cooley said that “businesses are still failing to detect both threat actors and how their networks have been compromised in a first attack; whereas a victim will generally be able to identify subsequent attacks with greater ease.”

He also suggested that GDPR could partly explain why cybersecurity breaches are getting more expensive. “The introduction of mandated notification and increased penalties under GDPR are likely to further drive up the potential financial costs of all data incidents in the future too – whether as a result of an incident becoming notifiable as a breach or the additional investigative work that might be required in order to satisfy the business that notification is not required,” he said.

Too soon to say

Mark Deem also argued that it may be “too soon to determine whether recent legal and regulatory changes have driven the much-needed behavioural and cultural shift of businesses towards robust information security, or whether this trend is likely to be short-lived.

“Genuine cyber-resilience comes from corporate muscle-memory, which is developed from incident response planning with legal, communications and IT security stakeholders, and which is sustained by testing and updating processes on a regular basis.”

AI and data security: a help or a hindrance?

What is AI’s role in data security and whose side is it on?

Digital Minister Margot James said: “With less than three in ten of those companies having trained staff to deal with cyber threats, there’s still a long way to go to make sure that organisations are better protected.

“We know that tackling cyber threats is not always at the top of business and charities list of things to do, but with the rising costs of attacks, it’s not something organisations can choose to ignore any longer.

Latest news

divider
Events
Data Leadership Summit: 12 months on – how GDPR influenced business

Data Leadership Summit: 12 months on – how GDPR influenced business

23 May 2019 / Reflecting on the past 12 months in a panel discussion this morning, Neil Currie, head [...]

divider
Digital Transformation
Digital transformation remains impossible without solving the WAN problem

Digital transformation remains impossible without solving the WAN problem

23 May 2019 / For the last few years, digital transformation has become a major rallying cry for organisations [...]

divider
Case Studies
Fitbit: from start-up to global health phenomenon

Fitbit: from start-up to global health phenomenon

22 May 2019 / Fitbit was founded 12 years ago by Eric Friedman, the current CTO and James Park, [...]

divider
Business Skills
AI and machine learning driving skills revolution in business intelligence

AI and machine learning driving skills revolution in business intelligence

22 May 2019 / An explosion in the growth of emerging technologies such as AI and machine learning is [...]

divider
Data Analytics & Data Science
Making an organisation data literate: Jason Teoh from Openreach, part of BT, talks to Information Age

Making an organisation data literate: Jason Teoh from Openreach, part of BT, talks to Information Age

22 May 2019 / We run the “UK’s digital network business” says Jason Teoh, when he spoke to Information [...]

divider
Data Analytics & Data Science
New report highlights issues around productivity in data science and analytics

New report highlights issues around productivity in data science and analytics

22 May 2019 / Tens of millions of data workers face productivity woes as complexity grows in data science [...]

divider
EMEA
Technology could help UK add 140 billion to GDP

Technology could help UK add 140 billion to GDP

22 May 2019 / Technology in the UK could help boost productivity. The Cisco Productivity Index has found that [...]

divider
DevOps
DevOps and SecOps: how to close the gap between them?

DevOps and SecOps: how to close the gap between them?

22 May 2019 / The International Organisation for Standardisation has published an Open Systems Interconnection reference model for the [...]

divider
The City & Wall Street
Torii secures $3.5m from seed round to bolster SaaS management

Torii secures $3.5m from seed round to bolster SaaS management

21 May 2019 / Torii enables organisations to stay on top of their SaaS use by improving visibility and [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest