The extent of data breaches in the Channel Islands could be at least four times current figures, according to data security firm Logicalis.
It believes the problem will become clear when EU General Data Protection Regulations (GDPR) are enacted next year.
Just 43 data protection offences were reported in Guernsey in 2016, and 52 in Jersey, according to figures from the Office of the Data Protection Commissioner and the Office of the Information Commissioner. The real figure across both islands could be closer to 380, says Logicalis.
Tom Bale, Business Development and Technical Director at Logicalis, said: “At the moment, there’s no obligation for organisations in the Channel Islands to report data breaches, although that will change from May 2018, when EU GDPR comes in.
Security service KnowBe4 suggests less than a quarter of organisations affected by ransomware admit to breaches, he said. “Many don’t even realise they have suffered a security breach until months after the incident, so systems, and the data they contain, could be left compromised for long periods. The real figure for data breaches is likely to be much higher than reported figures.”
According to the Verizon 2017 Data Breach Investigations Report, financial services, healthcare and the public sector are the target of one fifth of cyber attacks, with ransomware the fastest growing threat, doubling from 2016.
Data breaches from financial companies in the UK rose by 25 per cent last year. Figures from the UK’s Information Commissioner show the number of data breaches reported by banks, insurers and other financial companies increased from 114 to 140 from March 2016 to 2017.
The UK government has confirmed it will introduce a new data protection bill this autumn, bringing EU GDPR into UK law ahead of Brexit.