- 1 in 10 ICO fines are a result of poor data protection, compared to only one ICO fine for ransomware in the past two years
- Insufficient data protection has cost UK business £26 million since 2020
If you speak to a CSO or a CIO about what is keeping them awake at night, you’ll probably hear a lot of concerns about the rising threat of ransomware and the challenges of fighting cybercrime in a business environment of ever-increasing external touch points and vulnerabilities. Despite the NCSC recently citing ransomware as the biggest cyberthreat to businesses, new data from the Information Commissioner Office (ICO) requested by Cisco reveals that basic human error and misplaced data are costing UK companies millions.
Cisco Talos has the largest private threat-detection network in the world. And with nearly every internet connection in the world touching Cisco technology, it’s committed to helping its customers stay secure. In today’s hybrid world, data security and privacy has never been more important and yet the latest ICO data reveals far too many organisations are still being complacent.
The data reveals that 11% of all breaches that were reported in the last two years in the UK, were a result of insufficient organisational data protection, amounting to £26.1 million worth of ICO fines. In comparison, 6% of the breaches were driven by ransomware attacks and in the past two years there has only been one ICO fine issued for a ransomware breach.
| Type | Number of Incidents | Total ICO fine sum (£) |
| Q4 2020 – Q4 2022 | ||
| Loss/theft of device or data left in insecure location | 3337 | 26,185,000 |
| Ransomware | 1949 | 98,000 |
According to the Cisco 2022 Consumer Privacy Survey, 88% of consumers believe the way an organisation treats their customers data is indicative of the way it views its customers. As more consumers place a premium on proper protection of their data, companies have a significant opportunity to meet regulatory requirements while they realise business benefits and build trust with their customers.
Martin Lee, Technical Lead of Security Research at Cisco Talos commented, “In a hybrid world, employees are working from the office, from home and while out and about. Over the past two years organisations’ exposure to information security risks have changed, but data protections may not have kept pace with new working practices. Ransomware remains a major threat but risks due to human error and data loss cannot be overlooked. By keeping data secured in the cloud, security teams can provide oversight to reduce the risk of data being stolen or misused.”
