The Information Commissioner has released some statistics on the number of reported incidents.
The interesting things about the statistics are:
- The overwhelming majority of incidents are caused by human error of one form or another. It might seem that security is a human problem, not a technical one. However, it should be remembered that the Information Commissioner is only interested in security incidents where personal data is involved; there are many other incidents. But it is still worth bearing in mind that the most expensive security incidents need solving with education.
- Judging from the statistics, it would seem that the public sector has a much larger problem with data security than the private sector. However, the datalossdb “largest incidents” list includes none that are public sector. Perhaps the Information Commissioner’s claim that public sector organisations have a self-reporting rule overemphasises that sector?
- These are just about incidents where personal data has leaked … there are plenty of other kinds of incidents.