A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 17 diciembre 2021
As part of DACB’s annual Data Protection and Cyber conference this year, members of our Cyber team ran a session on the statistics and trends that were seen over the past 12 months. This included a high level overview of: the profile of breaches, the experiences with the ICO and data subject notifications.
We have seen a substantial increase in both the volume of enquiries and new matters progressing beyond the initial enquiry, 85% up from last year.
In 2019/20, the matters we dealt with which involved breaches, contained mostly malicious breaches (83%). However in 2021, we observed that the proportion of non-malicious breaches had increased, with a split of 29% non-malicious and 71% malicious.
Ransomware remains the most common malicious breach type. Accidental disclosure of electronic documents remains our most common non-malicious breach type.
We also broke down our breach matters by client sector. For the second year running, Charity (22%) and Professional Services (14%) were our top two impacted sectors. This year we supported impacted clients in an increasingly diverse array of sectors, with the addition of Transport, Media, Sport and Construction.
This year, DACB had a significant increase in matters which required notification to the ICO (more than double the notifications from 2019/20). We had 45% more matters that required notifications to data subjects.
It may be possible to attribute the increases in notification simply to the increased activity this year. In both 2019/20 and 2020/21, the percentage of our matters which progressed beyond the initial enquiry and were then notified to the ICO increased but remained similar (52% and 58% respectively). Additionally, where notifications to data subjects were made, DACB has observed a similar ratio of required notifications compared to voluntary notifications made across both years (2/3 required notification, 1/3 voluntary notification). Precautionary notifications may also be a factor.
It is promising to report that the ICO has taken no further action in all of the matters DACB have assisted with, for the second year in a row. We noted that 45% of the notifications to the ICO were closed without further investigation. The majority of these matters featured email compromises. 16% of the notifications to the ICO were closed after further investigation; the majority of these matters featured ransomware. The rest are ongoing investigations.
We analysed the average time it took for the ICO to close an investigation; we noted there appeared to be ‘peak times’ in July and December (see figure below.) Looking beyond DACB’s matters, the ICO has been active this past year with 34 monetary penalties and 17 enforcement notices, mostly concerning unsolicited marketing matters.
In 2020/2021, 26% of matters with data subject notifications resulted in claims being made; we found that there is no significant difference to this percentage whether the data subject notification was required or voluntary.
In our experience, the Letters of Claim we receive following data breaches are duplicated and contain non-specific legal arguments. They come from a concentration of claimant law firms we are familiar with. Approximately one quarter of all claims we receive are discontinued after receiving our Letter of Response.
We have also gathered data on the number of days passing between the breach incident and the letter of claim being issued. There are two clear spikes at ~3 months and ~1 year after the breach incident occurred.
London - Walbrook
+44 (0)20 7894 6930
+44(0)117 918 2697
+44 (0) 20 7894 6377
Hans Allnutt, Jade Kowalski, Stuart Hunt
Jade Kowalski, Charlotte Burke
Jade Kowalski, Hans Allnutt
Hans Allnutt, Stuart Hunt
Jade Kowalski, Stuart Hunt
Alexander Dimitrov, Tim Ryan
Astrid Hardy, Hans Allnutt
Julian Miller, Tom Evans
Hans Allnutt, Camilla Elliot
Jade Kowalski, Astrid Hardy
Louise Gallagher, Katie Anderson
Patrick Hill, Hans Allnutt
Andrew Robinson, Summer Montague, Hermanto Moeljo