AIA | News

Don’t Neglect Cyber Security Basics, Information Commissioner Warns

Last updated: 10 Jun 2024 05:00

UK organisations need to beef up their cyber security measures and improve the protection around the personal information they hold – with the finance sector reporting the most cyber attacks in 2023.

The Information Commissioner’s Office (ICO) said that cyber attacks were a growing threat and that more than 3,000 cyber breaches were reported to it in 2023. The sectors that reported the most incidents were finance (22%), retail (18%) and education (11%).

Stephen Bonner, deputy commissioner of regulatory supervision at the ICO, said: “People need to feel confident that organisations are doing as much as they possibly can to keep their personal information secure. While cyber attacks are growing more sophisticated, we find that many organisations are not responding accordingly and are still neglecting the very foundations of cyber security.

“As the data protection regulator, we want to support and empower organisations to get this right. While there is no single solution to prevent cyber attacks, there is absolutely no excuse for not having the foundational controls in place. These are essential to protecting people’s personal information and we will take action, including fines, against organisations that are still not taking simple steps to secure their systems.”

He added: “If you do experience a cyber attack, we always encourage transparency as your mistakes could help another organisation to avoid a similar breach.”

The ICO’s new report, entitled Learning From The Mistakes Of Others, includes advice for firms on how to understand common security failures and take simple steps to improve their own security.

It includes guidance around what the ICO says are the five leading causes of cybersecurity breaches: phishing scams; brute force attacks, where hackers use trial and error to guess log-in details; denial of service attacks, where hackers flood a site with traffic to knock it offline; security setting errors; and supply chain attacks.
