Credit: PxHere

The information commissioner has claimed that many data breaches reported to his office are eminently “preventable”.

John Edwards, who has been in post since the beginning of this year, said that the data watchdog “has seen a 19% rise in reports of cybersecurity incidents involving people’s personal data over the past two years”.

Many of these breaches would never have taken place if the organisation in question had paid more attention to fundamental security measures, Edwards said. Employers and staff must play their part in ensuring effective cyber best practice.

Related content

• Departments to undergo independent audits of cyber resilience
• EXCL: Levelling Up department exposes personal data in breach
• One in three UK firms suffered phishing attack last year, government study finds

“Our experience is that many of the issues are preventable and getting the basics right is the first step,” the commissioner added. “It’s not a question of do it once and forget about it. It’s about creating a culture of vigilance. Our stats show that a growing number of cyber-attacks come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as multi factor authentication help here, but up-to-date staff training is essential to spot and report phishing attempts.”

The regulatory chief claimed that there is a range of information available for organisations that want to improve their cyber posture. He cited, in particular, the work of the National Cyber Security Centre.

“Cybersecurity can seem intimidating, but it doesn’t have to be,” Edwards said. “There’s a wealth of advice available including our practical guide to keeping your IT systems safe and secure as well as information from the NCSC and [its] Cyber Essentials campaign.”

Edwards comments were made to PublicTechnology sister publication Civil Service World, which asked a range of sector experts about the biggest cyberthreats currently facing the UK.