ICO Statistics on Data Security Incidents


The Information Commissioner’s Office (ICO) has updated its statistics on data security incidents to include the first quarter of 2024.

There were 2,970 incidents reported to the ICO in Q1 2024, an increase of 21 per cent from the same quarter in 2023. The majority of incidents reported (73 per cent) were non-cyber incidents – defined as breaches that do not have a clear online or technological element involving a third party with malicious intent. The most common type of incident was data emailed to the wrong recipient, accounting for 18 per cent of the total.

Article 33 of the General Data Protection Regulation (GDPR) requires organisations to report data breaches within 72 hours of discovering them. This occurred in 62 per cent of cases in Q1 2024. In 50 per cent of incidents, fewer than ten people’s personal data was involved.

The ICO website contains guidance and resources for organisations on the GDPR. In addition, the National Cyber Security Centre provides a wealth of guidance on cyber security topics.

Share this article