Majority of UK authorities have suffered data breaches since 2013


Over half of all local authorities have experienced a breach of official data in the last two years, according to data from Freedom of Information requests made by Six Degrees Group to all 433 UK local authorities.

The research found that around 60% of authorities do not know the quantities of sensitive ‘official’ data they are storing, or where and how it is being secured; one single unnamed authority was responsible for 213 separate data breaches in the two year period.

Six Degrees said that with two thirds of authorities experiencing some form of data breach, the statistics gathered demonstrate a “comprehensive” lack of knowledge regarding security measures and data security.

Just 2% of authorities hold their data in the cloud, and over a third store their data ‘on-site’, with a total of 61% of respondents unable to say whether official data is held internally or externally.

Almost half of local authorities have no record of a security audit in the last two years, and those that completed audits did so with no official frequency.

Over 60% of authorities have no record of using a Communications-Electronics Security Group (CESG) accredited consultant to work on their security and data storage policy.

This insight reveals a huge gap in approach within authorities across the UK, with a worrying majority lagging in their understanding of the actual position they are in regarding data security, let alone bringing protection up to standard,” commented Campbell Williams, group strategy and marketing director at 6DG.

We see less than half of them classify their data to an officially recognised standard and have regular audits in place to protect their data; this small percentage appears to be in a reasonable position as they aren’t suffering breaches.

The rest are struggling – breaches are commonplace – and what is equally as worrying is the serious lack of insight they have into their own situation.  These Authorities need to act very quickly or more sensitive public data will be lost to potentially criminal sources.”

Related reading