Seven in 10 organisations in the UK have been hit by at least one data breach, a report has shown.
In the last 12 months, 88 per cent of global organisations had suffered at least one data breach, representing a rise of three per cent from 2009, the Symantec-sponsored Ponemon Institute research found.
Furthermore, the number of businesses affected by over five breaches has risen, again up by three per cent over 2009 and 12 per cent from 2008.
A third of UK companies surveyed said they did not have some kind of strategy for using encryption across the enterprise, representing a decline from 40 per cent in 2009.
In more positive news, over half of UK firms reported ramped up use of encryption, largely influenced by regulatory compliance.
Jamie Cowper, data protection specialist at Symantec, said some major security breaches had helped raise awareness among UK firms and convinced them of the need for greater protection.
In particular, the HM Revenue and Customs breach in 2007, when 25 million people's information was lost, was a significant moment, Cowper told IT PRO.
"It seems to have needed that seismic event," he added.
"The UK is definitely ahead of a lot of EU countries as seeing data protection as an issue."
Last month saw the Information Commissioner's Office issue its first fines due to breaches at two different organisations.
In the case of employment services company A4e, an unencrypted laptop was stolen, leading to the loss of personal data on 24,000 people.
Cowper said he expected legislation to soon require more of companies than simple encryption.
"I think we'll get to a point where data loss protection... will become a standard," he added.
PCI compliance, meanwhile, was one of the major drivers behind companies encrypting data, the report showed.
Cowper praised PCI rules for being "very specific" when compared to other regulations, which simply made firms "go to best efforts."
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
