View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 3, 2016updated 04 Sep 2016 10:36pm

Human error blamed for more than half of UK public sector data breaches

News: GovNewsDirect survey highlights the insider threat.

By CBR Staff Writer

More than half of data breaches in the UK public sector originate from someone who has access to the systems, with loss in many cases being accidental or due to human error, according to the Public Sector Data and Information Security Survey.

Data loss due to internal access could be explained to an extent due to multiple data ownership. Over 80% of respondents claimed to be ‘data owners’, who can authorise or deny access to certain data. The ‘data owners’ are responsible for accuracy, integrity and timeliness, but 19% of data owners didn’t know how many other data owners were there within their organisation.

One of the respondents commented: "Data owners determine who has what level of access but rarely do so and often delegate to IT."

GovNewsDirect conducted the survey at the end of 2015 in collaboration with access rights management firm 8MAN.

The survey covered 600 individuals from the entire public sector, with 68% of them belonging to local authorities, healthcare and education; 28% of respondents were either at director or C-suite level, and 20% had either ‘information’ or ‘IT’ in their job title.

The survey was undertaken to enable public sector employees to compare their practices with other organisations and identify specific areas of concern, with the advent of the new the General Data Protection Regulation (GDPR) across the 28 EU member countries.

A part of Article 8 of the European Convention on Human Rights, the GDPR replaces individual data protection acts across the EU, and could be a challenge to data owners and practitioners.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

The regulation seeks to ensure that the data of EU citizens is not lost, transferred to third parties, or subjected to illegal use. It proposes substantial fines for serious cases of data breach or mismanagement.

The survey revealed that 65% of the respondents have serious concerns regarding data security within their organisation, with simple loss of data and errors of staff being the biggest concerns (60%), followed by compliance and IT system failures (40%).

External hacking was a concern for more than 35% of the respondents, while the least concern was about denial of service by hackers.

IT operating costs, cloud security, theft of laptops, lack of staff training, and failure of the staff to follow simple procedures were a few more concerns cited by the respondents.

According to the survey, 60% said data security lapses in their organisations happened due to errors of staff, while 40% said the breaches were because of simple loss of data.

Nearly 75% said they intend to improve data security by tightening procedures.

The annual Information Security Breaches Survey 2015 undertaken previously by PricewaterhouseCoopers on behalf of the UK Government found that breaches in large and small organisations have increased last year from 2014.

90% of large organisations and 84% of small businesses reported that they had suffered a security breach, up from 81% and 60%, respectively, in 2014. 75% of the large and 31% of the small organisations suffered staff related security breaches in 2015.

The average cost per breach in a large organisation also went up to the range of £1.46m – £3.14m, compared with £600,000-£1.15 in 2014.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.