Local councils reported 1500 data breaches in 2022

Local councils across the UK are struggling to protect the information and data they handle according to research by software manufacturer Apricorn  - with 1,500 data breaches reported and 600 devices stolen during the course of 2022. 

Suffolk County Council alone reported a total of 651 incidents between September 2021 and September 2022 and Warwickshire County Council declared that they had 367 breaches, 

“Data breaches are a daily occurrence, but when local authorities are racking up hundreds in a very short space of time, it’s a definite sign that something is amiss,” Jon Fielding, Managing Director, EMEA Apricorn, said. 

“When the first breach occurs, organisations should be looking to address the cause and rectify this as soon as possible. Flags should be raised, security processes checked, and checked again, and staff continually educated on cyber security best practice, whether that be highlighting the use of approved and encrypted storage devices, or simply changing passwords, it’s all critical to the security of data.” 

The figures, while high, demonstrate that local authorities appear to be following the necessary protocols when it comes to disclosing data security incidents.

“That said, with so many significant breaches occurring, they do still have some way to go in terms of protecting the information and data they handle,” said Fielding. 

Having a strategy in place

The latest findings serve to highlight the importance of having a thorough breach reporting strategy in place that can provide detailed information of the incident. 

Kent County Council, which disclosed six data breaches and 55 lost and stolen devices, were able to disclose the volume of data exposed and the current status of the incidents. 

Meanwhile, Hampshire County Council reported on the loss and theft of more than 168 devices, yet declined to provide details of any data breaches in that time. 

Common threats

The reports notes some common threats to data, including third party risks, user error and insider threats and network account compromises. 

“These are security breaches that can very easily be avoided. When employees are left to their own devices, even the best technical measures are likely to fail,” said Fielding. 

He points out that government organisations must be proactive and ensure they are building stronger security cultures with defined policies, such as encryption and endpoint control solutions to all devices.