Figures obtained by data security solutions company Egress via a Freedom of Information (FOI) request reveal that 4,856 breaches were reported to the Information Commissioner’s Office (ICO) between 1st January and 20th June 2019.
More than 60% of personal data breaches reported to the ICO this year were caused by human error, with healthcare the most-affected sector.
Of those incidents, nearly half (43%) were the result of incorrect disclosure – made up of 20% posting or faxing data to the incorrect recipient, 18% emailing information to incorrect recipients or failing to use Bcc, and 5% providing data in response to a phishing attack.
The remaining 17% were due to data or wrong data shown in a client portal, failure to redact, incorrect disposal of paperwork, loss/theft of paperwork left in an insecure location, or verbal disclosure of personal data.
Healthcare topped the list of industries most likely to suffer a personal data breach, with the ICO stating that 18% of all breaches were reported within the sector, compared with 16% within central and local government, 12% within education, 11% within justice and legal, and 9% within financial services.
In Verizon’s 2019 Data Breach Investigations Report, healthcare was the only industry in which the insider threat created more data breaches than external attacks, with 59% of data breaches being associated with internal actors.
According to Verizon, misdelivery was the most common type of human error that led to data breaches, making up 15% of all data breaches affecting healthcare organisations.