The Information Commissioner’s Office is urging organisations to be transparent and learn from each other’s mistakes as it reveals most of the cyber attacks it responds to stem from the same core errors.
With the majority of cyber attacks reported to the UK’s Information Commissioner’s Office (ICO) stemming from basic and common security mistakes, the regulator has said that others would be better able to learn, and everybody’s security posture might start to improve, if victims felt empowered to be more transparent about their experiences.
The ICO said that over 3,000 breaches were reported to it in 2023, of which 22% affected organisations in the financial services industry, with the retail and education sectors accounting for 18% and 11% of reports respectively.
In the Learning from the mistakes of others report, the ICO has compiled practical advice to help organisations better understand common security failings and take simple steps to improve their own security to prevent breaches before they can take place.
“People need to feel confident that organisations are doing as much as they possibly can to keep their personal information secure,” said Stephen Bonner, ICO deputy commissioner for regulatory supervision.
“While cyber attacks are growing more sophisticated, we find that many organisations are not responding accordingly and are still neglecting the very foundations of cyber security.
“As the data protection regulator, we want to support and empower organisations to get this right,” he said. “While there is no single solution to prevent cyber attacks, there is absolutely no excuse for not having the foundational controls in place. These are essential to protecting people’s personal information and we will take action, including fines, against organisations that are still not taking simple steps to secure their systems.
“If you do experience a cyber attack, we always encourage transparency as your mistakes could help another organisation to avoid a similar breach,” said Bonner.
Five causes of breaches
The report zeroes in on the five biggest causes of the breaches reported to the ICO, and for seasoned