The extent of data breaches in the Channel Islands could be at least four times current figures.
Data security experts Logicalis think reported security breaches are just the tip of a data breach ‘iceberg’ … that will hit the Islands when EU General Data Protection Regulations (GDPR) are enacted next year.
Just 43 data protection offences were reported in Guernsey in 2016, and 52 in Jersey, according to figures from the Office of the Data Protection Commissioner and the Office of the Information Commissioner, meaning the real figure across both Islands could be closer to 380.
Tom Bale, Business Development and Technical Director, Logicalis, said: “At the moment there’s no obligation for organisations in the Channel Islands to report data breaches, although that will change from May 2018 when EU GDPR comes in.
“KnowBe4, a security service we work with, suggests less than a quarter of organisations affected by ransomware admit to it. Many don’t even realise they have suffered a security breach until months after the incident so systems, and the data they contain, could be left compromised for long periods. This means the real figure for data breaches is likely to be much, much higher than reported figures.”
According to the Verizon 2017 Data Breach Investigations Report, financial services, health care, and the public sector are the targets in one fifth of cyber attacks, with ransomware attacks the fastest-growing threat, doubling from 2016.
Data breaches from financial companies in the UK rose by 25% last year. Figures from the UK’s Information Commissioner show the number of data breaches reported by banks, insurers and other financial companies increased from 114 to 140 from March 2016-2017.
The UK Government has confirmed it will introduce a new Data Protection Bill this autumn bringing EU GDPR into UK law ahead of Brexit.
Tom said: “The first step in addressing data security is recognising that cybercrime is an issue that affects everyone from big financial companies to small local businesses. Hacks such as the recent HBO attack, where cybercriminals leaked Game of Thrones scripts, make people think cybercrime only affects high profile organisations. While these organisations are clearly targets, smaller organisations which don’t take data security seriously are at a greater risk.
“Round the clock monitoring, such as through a Security Operations Centre, is the only way to know who is accessing your system, while proper maintenance and management are vital for keeping systems up to date, backed up, and working as reliably as possible. That way when the data security iceberg hits, you will be prepared and protected.”