Third-party outsourcers drive UK data breaches, warns Chaucer

Companies and public sector bodies that outsource to third parties are increasing the risk of a data breach, according to insurer Chaucer, as it revealed UK citizens experienced an average five data breaches each last year.

“Far too many are failing to perform enough due diligence on the data they are sharing with these third parties,” said Ben Marsh, class underwriter at Chaucer.

“While outsourcing some data management is a logical step for streamlining a business to make it more profitable, data security should never be compromised. Businesses that outsource to unsecured third parties to cut costs may face very hefty losses – in ransoms, fines or lost customers,” Marsh warned.

Obtaining data from the Information Commissioner’s Office, Chaucer said 312 million individual records were breached in the UK last year, up by 53%, across the population of 67.6 million.

Marsh said the increase in large-scale data breaches is being driven by the growing concentration of data stored by third-party outsourcers, which hold financial details, personal information and medical history.

“The figures are quite shocking. Such vast numbers of people are being impacted in many of these incidents that it equates to every single person in the country suffering a data breach many times over,” he said.

“Growing outsourcing of data management and data processing to third-party providers is fuelling an increase in potential for large scale data breaches, potentially affecting tens of thousands of individuals at a time.”

In addition to data breaches, Chaucer said the number of successful cyberattacks in the UK jumped 20% last year to 11,177.

“Not all data breaches are the result of cyberattacks… companies need to be wary of poor data handling,” Chaucer said.

“Companies must ensure data is hosted in the right place and managed by experts with the proper training. Companies should also include contractual provisions for data breaches in any paperwork they sign with third-party providers – and must ensure those outsourced parties comply with up-to-date regulations.”

Back to top button