Reported data security incidents down 21% in local government
The number of reported data security incidents in the last three months of 2016 fell 21% compared with the previous quarter, according to figures released this month.
Data security incidents down in local government, but up in central - Photo credit: PA
The information, released by data protection watchdog the Information Commissioner’s Office, shows that there were 49 reported data security incidents between October and December 2016, down from 62 in the previous three months.
It takes the total number of data security incidents reported by local government in 2016 to 216.
Meanwhile there was a 20% increase in data security incidents in central government – although the total was still lower than the number in local government, with 12 reported in October to December 2016. This was up from 10 in the previous quarter, and takes the total incidents in central government in 2016 to 43.
When compared with the same period in 2015, both central and local government reported twice as many data security incidents.
“Active cyber defence”: UK’s first National Cyber Security Centre chief sets out strategy
Local councils ‘should be at the forefront’ of national cyber security
Ransomware – what can public bodies do about it?
Overall, the ICO said it received 577 reports of data security incidents between October and December 2016, with the most coming from the health sector – which reported 221.
This was followed by education, with 56, general businesses, which reported 52 incidents, and the finance sector, reporting 37.
The most common issue within local government was a failure to redact data, with 15 of the 49 reported incidents being due to this. The ICO said that there had been a 12% increase in this kind of error across all the sectors between July to September and October to December 2016.
A further eight data security incidents were reported by local government for data being faxed or posted to the wrong recipient, and for a loss or theft of paperwork.
Four incidents were caused by someone failing to use the bcc when sending an email – an error that increased by 43% between the most recent two quarters – and three further incidents were caused by data being emailed to the wrong person.
For central government, five of the 12 incidents were down to data being posted or faxed to the wrong recipient.
The ICO said that there had been an overall decrease of 18% in the number of cyber security incidents in the final three months of 2016 – however this followed a 46% rise between April to June and July to September.
Most of the cyber security incidents in the final quarter of 2016 were in general businesses – which reported 17 incidents – while both central and government reported just one each. Both of these were caused by a misconfiguration, which the ICO said would include the inadvertent publishing of data on website or default passwords.
The government has recently been urged to up its game on cyber security, with the Public Accounts Committee saying that Whitehall lacks the skills to keep up with the changing threats and that the National Cyber Security Centre - launched last year to much fanfare - has yet to clearly define what sectors it will serve, and how.
Paul Maltby claims councils must first renew ageing infrastructure before realising the benefits of machine learning and automation
Select committee claims that, despite appearance of company’s CTO, 39 questions remain unanswered
Gavin Williamson wants technologists and journalists to sign up to help fight against the ‘age of disinformation’
Island’s local authority recruits for a range of leaders to fulfil transformation plan
The cautionary tale of the Leicestershire teenager who hacked high-ranking officials of NATO allies shows the need for improved password security
Which? said a lack of knowledge about data among consumers had led to suspicion and doubt over useful innovations
Calm has turned a section of the 57,509-word EU document into a sleep-inducing audio book
BT's Konstantinos Karagiannis explains ethical hacking and why it's important to exploit vulnerabilities