The number of data security incidents reported by local government in the last three months of 2016 fell 21% compared with the previous quarter, according to figures released this month.
The information, released by data protection watchdog the Information Commissioner’s Office, shows that there were 49 reported data security incidents in local government between October and December 2016, down from 62 in the previous three months.
It takes the total number of data security incidents reported by local government in 2016 to 216.
Meanwhile there was a 20% increase in data security incidents in central government – although the total was still lower than the number in local government, with 12 reported in October to December 2016. This was up from 10 in the previous quarter, and takes the total incidents in central government in 2016 to 43.
When compared with the same period in 2015, both central and local government reported twice as many data security incidents.
Overall, the ICO said it received 577 reports of data security incidents between October and December 2016, with the most coming from the health sector – which reported 221.
This was followed by education, with 56, general businesses, which reported 52 incidents, and the finance sector, reporting 37.
The most common issue within local government was a failure to redact data, with 15 of the 49 reported incidents being due to this. The ICO said that there had been a 12% increase in this kind of error across all the sectors between July to September and October to December 2016.
A further eight data security incidents were reported by local government for data being faxed or posted to the wrong recipient, and for a loss or theft of paperwork.
Four incidents were caused by someone failing to use the bcc when sending an email – an error that increased by 43% between the most recent two quarters – and three further incidents were caused by data being emailed to the wrong person.
For central government, five of the 12 incidents were down to data being posted or faxed to the wrong recipient.
The ICO said that there had been an overall decrease of 18% in the number of cyber security incidents in the final three months of 2016 – however this followed a 46% rise between April to June and July to September.
Most of the cyber security incidents in the final quarter of 2016 were in general businesses – which reported 17 incidents – while both central and local government reported just one each. Both of these were caused by a misconfiguration, which the ICO said would include the inadvertent publishing of data on a website or default passwords.
The government has recently been urged to up its game on cyber security, with the Public Accounts Committee saying that Whitehall lacks the skills to keep up with the changing threats and that the National Cyber Security Centre – launched last year to much fanfare – has yet to clearly define what sectors it will serve, and how.