Home office under fire for 120% surge in data loss incidents

Home Secretary facing questions around cyber security risks as reported data loss incidents associated with the Home Office rise 120%

by Patrick Sullivan, Political Editor on 21 September 2020 10:46


The Home Office has recorded a 120 per cent surge in data loss incidents over the two most recent financial years, with 1,895 individual incidents in 2018-19, rising to 4,204 incidents in the most recent financial year, 2019-20.

The data, which was extrapolated from the Home Office’s Annual Report and Accounts 2019-20 and compiled by a cyber security Parliament Street think tank, also included a comprehensive breakdown of the figures.

It revealed that the most common incident was loss of inadequately protected electronic equipment, devices or paper documents from outside secured government premises. 2,404 incidents of this nature were recorded in 2019-20 compared to just 702 the year before – a 242 per cent increase.

A further 946 incidents of lost electronic equipment or documents from secured government premises was also recorded in 2019-20, up from 145 in 2018/19 – a 552 per cent increase. Of the 4,204 total incidents in 2019-2020, 25 were flagged as being particularly severe, and fell within the criteria for notifying the Information Commissioner’s Office. This figure is down from the 35 severe incidents recorded from the year before.

The most common reason for these severe incidents is due to ‘unauthorised disclosure’ – 11 of 25 incidents in 2019-20 were due to this reason, as well as 26 out of 35 from the year prior.

Cyber security expert Andy Harcup, VP, Absolute Software told The Commentator: “It’s vital that key government departments like The Home Office take data security seriously. These figures indicate a myriad of losses of critical devices and data, some of which was so serious it had to reported to the regulator. It’s not uncommon for a missing file or laptop to fall into the wrong hands, giving hackers and cyber criminals access to critical public data.

Harcup added, "Key to tackling this problem is the implementation of sophisticated and robust end-point security, providing IT professionals within the department with full visibility and control over their device: meaning they can freeze or access a laptop, file or device, even if it lands in the wrong hands.”

blog comments powered by Disqus