A third notified the ICO themselves, while 10 percent were reported by somebody else. A further nine per cent of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO. 

The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57 percent of respondents. Addressing the variety of threats to data is next on the list (42 percent). 

The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33 percent ), understanding data obligations (31 percent ), and adequately securing data (25 percent ). 

In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39 percent of IT leaders admitted they cannot be certain that their data is adequately secured, 18 per cent said they don’t have a good understanding of which data sets need to be encrypted, and 15 per cent have no control over where company data goes and where it is stored. 

Apricorn Managing Director EMEA Jon Fielding said: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”