Reported data breaches in the UK have risen by more than 1,000% in the last five years, according to a Freedom of Information (FoI) request made by storage and security company Imation.
The incredible figures, released by the Information Commissioner’s Office (ICO), relate to self-reported data breaches since 2007.
It seems local government has been the worst culprit, showing a rise of 1,609% over the last five years. Other public sector organisations saw a 1,380% increase, while data breaches reported by private sector companies increased 1,159%. Data breaches reported by NHS bodies increased 935% while central government saw a 132% rise.
Across all eight sections Imation looked at, the average increase stood at 1,014%.
As the results only cover self-reported breaches, it seems fair to assume the actual figure is higher. Given that the ICO now has the power to fine companies for data breaches, it is disappointing to see so many businesses failing to get a grip on their data protection policies.
"The massive increase in data breaches in just five years is fairly startling," said Nick Banks, head of EMEA and APAC, Imation Mobile Security. "But perhaps more alarming is the consistent year-on-year increase in data breaches since 2007. The figures obtained from the ICO by Imation seem to show that increasing financial penalties have had little effect on the amount of data breaches each year."
Banks added that mitigating circumstances, such as the huge increase in data being stored and the introduction of mandatory reporting in certain sectors, can help explain the increases, but only to a certain extent.
"None of these factors obscures the clear trend of constant increases," he said. "The latest full-year figures show that there were 821 data breaches in the UK in 2011/2012, which is deeply worrying. Organisations must take responsibility for preventing breaches, and with so much available technology there really is no excuse for failing to adequately protect data. The current trend of increases must be reversed, and there is no reason why that is not achievable."
These figures are not a huge surprise, given that the ICO recently released figures revealing it has now handed out over £2m in fines to organisations breaking the Data Protection Act over the course of one year.
For the year up to June 30, the ICO issued 68 warnings of one form or another, up 48% from 46 the previous year, the figures revealed.
That period included a £140,000 fine handed out to Midlothian Council following incidents where sensitive personal data relating to children and their carers was sent to the wrong recipients on five separate occasions.
Brighton and Sussex University Hospitals NHS Trust was penalised a record £375,000 after 232 hard drives containing sensitive patient information were stolen. However, the Trust is appealing that case on the basis that it was the victim of a crime.
This article is from the CBROnline archive: some formatting and images may not be present.