UK Information Commissioner warns that “biggest cyber risk is complacency, not hackers”


The UK Information Commissioner, John Edwards, has warned that companies are leaving themselves open to cyber-attack by ignoring crucial measures such as updating software and training staff. The warning comes as the Information Commissioner’s Office issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire-based construction company, for failing to keep the personal information of its staff secure.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

The UK Information Commissioner said: “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.”