Financial data breaches affecting the UK central government surged by 8,000% between 2019 and 2023, raising concerns about a potential crisis in public sector cybersecurity.

The figures were revealed by a Freedom of Information request to the Information Commissioner’s Office (ICO).

According to reports of personal data breaches made to the ICO under GDPR rules, the surge impacted millions of individuals, reaching a staggering 195 million people in 2023 alone. Although it has confirmed a review of its enforcement approach, the ICO has yet to indicate whether this surge will prompt stricter action.

Calls for Stronger Oversight

AJ Thompson, Chief Commercial Officer at IT consultancy Northdoor plc, described the figures as staggering and stressed the need for tougher enforcement to compel the public sector to take the threat more seriously. He also highlighted high-profile incidents, such as cyberattacks targeting ageing IT systems in councils like Sefton, and critical delays in updating legacy software in Bristol City Council, as examples of systemic vulnerabilities.

Thompson emphasised the urgent need for a comprehensive response to address the epidemic of breaches. He suggested that councils partner with third-party IT consultants to implement 360-degree cybersecurity monitoring and advanced solutions like Managed Detection and Response and Security Awareness Training to safeguard data integrity and mitigate risks.

Thompson concluded that collaborative efforts between local governments and third-party partners are crucial to implementing cutting-edge defences against cyber threats. He stressed the importance of proactive measures to prevent catastrophic incidents and mitigate financial penalties from regulatory bodies like the ICO.