“Do more” – UK authority issues vague call to bolster cyber defenses


The UK’s Information Commissioner's Office (ICO) has issued a call for all organizations “to boost their cybersecurity and protect the personal information they hold.” Growing threats of cyberattacks are cited as the reason behind the warning.

Over 11,000 incidents were reported in the UK last year, which is a 26% increase compared to 2022, ICO data revealed.

“Our own trend data reveals more organizations than ever are experiencing cybersecurity breaches that put people’s personal information at risk,” ICO said in its statement.

“Organizations must do more to combat the growing threat of cyberattacks.”

Over 3,000 cyber breaches were reported to ICO directly in 2023. The biggest number of incidents were reported in the finance (22%), retail (18%) and education (11%) sectors. Last quarter had the most incidents since at least the third quarter of 2019.

The regulator shared a few illustrative examples.

A hacker was able to penetrate a retailer’s defenses and install malware on over 5,000 payment terminals. Therefore, black hats could harvest customers’ card details when they paid.

“On another occasion, a simple phishing email to a construction company compromised the personal information of over 100,000 people,” ICO stated.

To provide organizations with practical advice so they will better understand security failures and take steps to improve security posture, ICO has published a report called “Learning from the mistakes of others.”

“People need to feel confident that organizations are doing as much as they possibly can to keep their personal information secure. While cyberattacks are growing more sophisticated, we find that many organizations are not responding accordingly and are still neglecting the very foundations of cybersecurity,” said Stephen Bonner, Deputy Commissioner (Regulatory Supervision) at ICO.

“There is absolutely no excuse for not having the foundational controls in place.”

ICO’s report focuses on five leading causes of cybersecurity breaches: phishing, brute force attacks, denial of service, errors, and supply chain attacks.

The authority also provided links to the country’s National Cyber Security Center for additional resources.

The statement ends with a warning that an organization, upon experiencing a data breach, should report it within 72 hours of becoming aware of it.


More From Cybernews

I went filming with an iPhone 15 Pro Max until one of us ran out of energy

Nintendo Switch halts X sharing, Facebook next?

iPad Pro’s M4 chip is the fastest on the market, benchmarks suggest

PR chief of Baidu resigns after demanding 24-hour worker availability

Microsoft’s Xbox announces release date of its mobile gaming store

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked