‘Organisations must do more to combat the growing threat of cyber attacks’ says the UK’s data protection regulator, the ICO. They go on to say ‘…we will take action, including fines, against organisations that are still not taking simple steps to secure their systems’
In their report they say that:
- Cyber threats are increasing year on year.
- You need to consider the nature of your activities when deciding what is appropriate for your organisation
- Most ransomware incidents are usually the result of poor cyber hygiene rather than sophisticated attack techniques.
- 91% of UK companies stated they had experienced at least one successful email-based phishing attack in 2022. More than a quarter of those (26%), also reported direct financial losses as a result.
- There has been a ten-fold increase in password-based attacks from 2022 to 2023. There were 11,000 attacks per second in April 2023.
- 74% of all breaches include the human element
- There are no silver bullets for information security
- By 2025 Gartner predicts that 45% of organisations worldwide will have experienced attacks on their software supply chains.
During their review, they observed that it’s also important to appreciate the importance of governance and ensure that resources with appropriate skills are available.
Information security is important, not just to protect personal data, but to protect the data you process on behalf of your customers. How secure is the data you store and process?