ICO’s quarterly report reveals over half (57%) of reported security incidents were caused by people inside the organisation
London, UK – 7th July 2021 – Insider data breaches were the top cause of data and cyber security incidents reported to the ICO in the first quarter of 2021, according to the ICO. 57% of reported incidents were caused by insiders, with over 1,000 incidents reported in the first three months of 2021. Misdirected email was behind most of the incidents, with over 400 reports made to the ICO. Phishing was the second-biggest named cause, with over 200 incidents caused by employees falling for malicious emails.
For the fourth quarter running, healthcare was the hardest hit, with over 420 reported incidents in just three months, while financial services was the industry targeted with the most phishing attacks.
Comment from Tony Pepper, CEO of Egress: “Insider risk is every organisation’s most complex security vulnerability, and the ICO’s latest report drives home the true scale of the problem. From misdirected emails to employees falling for phishing attacks, organisations are losing a staggering amount of data through their people. With many organisations aware of only a fraction of these incidents, the true cost of insider data breaches may be much higher than what we’re seeing here.
The technology exists to solve this problem – it’s now up to organisations to ensure that they’re taking the right steps to ensure that their human layer is protected.”
For further information and interview requests, please contact:
Jordan Brackenbury, PR Manager
+44 (0) 207624 8500
Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as misdirected emails, data exfiltration and targeted spear-phishing attacks.
Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York and Boston.