Company news

ICO investigates 791 reported breaches of the Data Protection Act

London – June 2015

Egress Software Technologies, a leading provider of encryption services, has today released figures from a Freedom of Information (FOI) request to the Information Commissioner’s Office (ICO) that demonstrate a concerning 183% rise in reported Data Protection Act (DPA) breach investigations within the financial services industry in the last two years. This increase saw an alarming 585 incidents reported to the ICO during 2014 alone – more than three times the amount of incidents reported by the legal sector for the same period, which reported 187. In total, 791 incidents have been investigated since the start of 2013.

The research shows that all of the UK’s major banks and lenders – including Barclays, HSBC, Lloyds Banking Group, Natwest, Nationwide and Santander – have reported multiple incidents to the ICO in the last two years. These figures come at a time of increased scrutiny of how the financial services industry handles confidential personal and corporate data. Most recently, the Bank of England was revealed to have inadvertently sent highly sensitive financial information regarding the UK’s EU membership to the wrong email address. In fact, human error continues to drive up the number of breaches in all sectors, with the findings of a FOI request submitted by Egress in November 2014 revealing it responsible for 93%.

Across all industries, the ICO has issued civil monetary penalties in excess of £7.5m, £455,000 of which were levied against financial services organisations. This figure could potentially be set to rise when proposed reforms to the EU General Data Protection Regulation comes to power in the coming years. It is expected that the new legislation will introduce fines of up to 2% of annual turnover for a breach.

Egress CEO Tony Pepper comments: “The financial services industry has a responsibility to us all to ensure that the information they manage on our behalf, including bank accounts, mortgages and insurance policies is protected in a highly secure way. Today’s report, however, casts some major concerns over the mistakes they’re making with the information entrusted to them, whether that be citizens’ personal details or highly confidential reports about the economic future of the country. It is staggering to see financial services firms reporting more than three times the number of incidents than the legal sector, which has recently come under targeted fire from the ICO. Today’s findings suggest that similar, if not harsher, criticism ought to be levied at the banks, building societies and insurance firms too.

“With planned reforms to EU General Data Protection Regulations, the financial services industry must take action now or risk falling foul of laws that could see much tougher penalties handed out for a data breach. In fact, it is interesting to note that the monetary penalties issued by the ICO to this sector have historically been so low – perhaps one of the reasons we’re seeing such apparent complacency when it comes to encrypting and controlling the sensitive information financial firms hold. The technology exists for this industry to secure their confidential information – now more than ever is the time for them to implement it.”

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress has offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto. In April 2024 KnowBe4, the provider of the largest security awareness training and simulated phishing platform, entered into a definitive agreement to acquire Egress.