Data in 2019 - where does it leak?
GDPR. We have all heard of it. I too was already familiar with it to a certain extent from my previous roles, but since I started working with vulnerability management at Holm Security there is almost no conversation or appointment in which this topic is not covered. Oh yes, and data breaches.
It has been almost one and a half years since GDPR came into effect, and a lot has happened since then. GDPR first appeared on the agenda in 2012 and was already approved in 2014. However, this did not mean that immediate action was taken by companies to meet the requirements. In fact, many companies were not at all ready for GDPR on May 25, 2018. Research by Emerce and NRC (2018) shows that SMEs, in particular, found the new regulation to be more complex than previously thought. It also appeared that several large financial institutions were not ready for GDPR, and that several of them are still not compliant (Solid Professionals, 2018).

I know that not being ready for GDPR and actual data leaks are of course two different things. Whilst it is not the case that every non-compliant organization is leaking data, one does not exclude the other. But when it does leak ... where does it leak?

The number of reported data breaches has increased rapidly since the introduction of GDPR. In the Netherlands alone there were fewer than 5,900 data leaks reported in 2016, and just under 10,000 in 2017. At the end of 2018 a total of 20,881 data leaks were reported. No definitive figures are yet known for 2019, but in the first 6 months of the year there were approximately 2,000 reports per month to the Dutch Data Protection Authority. Most of the data breaches reported in 2018 were from the health and welfare sectors (29%), financial services (26%) and public administration (17%). These percentages are comparable with the percentages of previous years (Autoriteit Persoonsgegevens, 2019). But does this mean that these sectors are the worst when it comes to data security? Or are they simply the best at detecting and reporting data breaches?

Data breaches come in various forms

The most frequently reported data breaches are wrongly addressed e-mails or letters containing personal data that should not have been received by the recipient (63%) and the loss of USB sticks and files (14%). Hacking, malware and phishing make up "only" 6% of all reported data breaches. This may not seem like much, but certainly in the case of hacks we see that huge amounts of data are usually captured. While this concerns the reported data breaches, the question is how often someone has gained access to data without the victim being aware of it. I dare not answer this.

However, I can say how often there are vulnerabilities in an IT environment which can be exploited to gain access to sensitive data. More about this in my next blog. In the meantime, feel free to request a free scan on our website.

