Local government data breaches up 14%

Data breaches reported by local government rose by 14% in the year to March, according to new research.

Freedom of Information requests by Huntsman Security showed local government was second only to health in terms of the number of breaches reported to the Information Commissioner's Office.

Around 70 per cent of breaches reported by councils were due to the disclosure of data in error.

Despite the rise in incidents, Huntsman said local government is showing signs of improvement after gaining a reputation in previous years for poor performance - although the amount of data disclosed in error suggests that identifying and reducing human error or anomalous activity should be a priority.

Overall, data breaches rose by 88 per cent between 2014-15 and 2015-16, with 2,048 incidents reported to the ICO. Data disclosed in error and security breaches from cyber attacks were the main factors behind the rise.

After health and local government, the sectors reporting the most breaches were education, general business, charities and solicitors/barristers. The financial sector, which accounted for only six per cent of all reported breaches, attracted 33 per cent of the financial penalties issued by the ICO.

Huntsman said the average organisation is subject to multiple breaches, of which only some will be detected, so the numbers reported to the ICO are likely to be understated.

It warned that many security teams are being "overwhelmed" by the sheer weight of threat alerts generated by cyber activity, many of which turn out to be benign. 

"There is simply too much data to analyse and verify manually," said Peter Wollacott, chief executive of Huntsman Security. 

"Genuine threats require immediate attention but frequently the investigation of benign and even false alarms can waste a great deal of valuable time and resources. Verizon’s DBIR 2016 gave a clear illustration of this problem, revealing that whilst 84% of attacks compromise their targets within days or less, under a quarter are detected within that timeframe.

"Quite simply, no news is bad news: if breaches aren't being detected, it most likely just means that security analysts are having difficulty finding the needles in the haystack.

"To help them see through the noise generated by security alerts, organisations must find a way to automate threat verification and eliminate the wasted effort that result from false alarms. By using machine learning to identify otherwise 'invisible' threats, security analysts can easily identify those that really matter, and as a result, significantly reduce their time at risk from cyber threats. This in conjunction with automation and streamlining the incident management process means that organisations can put themselves, the ICO and the wider public at greater ease that our data is safe in their hands."