Reboot Online - ICO Analysis - Y-O-Y Cyber Security Incidents 2024.xlsx

	A	B	C	D	E	G	H	I	J	K	M	N	O	P	Q	R
1	Which industry has seen the biggest growth in cybersecurity incidents? / Which industry has seen the biggest decrease in cybersecurity incidents?
2	Which cybersecurity incident had the biggest increase in reports last year?
3		Sector	Number of cases reported in 2023	Number of cases reported in 2024	2023-2024 percentage change		Incident	Number of cases reported in 2023	Number of cases reported in 2024	2023-2024 percentage change		Time Taken to Report	Number of cases reported in 2023	Number of cases reported in 2024	2024 percentage total	2023-2024 percentage change
4	1	Marketing	40	116	190%	1	Phishing	2053	3366	64%	1	24 hours to 72 hours	3629	4558	51%	26%
5	2	Membership association	117	215	84%	2	Malware	395	362	-8%	2	72 hours to 1 week	1771	1744	20%	-2%
6	3	Social care	153	266	74%	3	Ransomware	3460	3011	-13%	3	Less than 24 hours	1507	1320	15%	-12%
7	4	Justice	6	10	67%	4	Brute Force	311	212	-34%	4	More than 1 week	1474	1269	14%	-14%
8	5	Health	396	643	62%	5	Unauthorised access	323	177	-45%				8891
9	6	Central Government	58	91	57%	6	Denial of Service	6	1	-83%
10	7	Retail and manufacture	1523	2134	40%
11	8	Legal	537	691	29%
12	9	Utilities	67	80	19%
13	10	Land or property services	346	401	16%
14	11	Transport and leisure	371	377	2%
15	12	Online technology and telecoms	345	345	0%
16	13	Charitable and voluntary	684	646	-6%
17	14	Education and childcare	1580	1436	-9%
18	15	Religious	30	26	-13%
19	16	General business	250	209	-16%
20	17	Local government	505	381	-25%
21	18	Finance, insurance and credit	1310	790	-40%
22	19	Regulators	15	8	-47%
23	20	Media	47	15	-68%
24
25
26		YOY total change	6%
27
28
29		Methodology:
30		1. Reboot Online analysed data from the Information Commissioner’s Office (ICO) to identify: a. How many times six major cyber security incidents were reported to the ICO in the first three quarters of 2023 and 2024. b. How many times each sector reported cyber security incidents to the IOC in the first three quarters of 2023 and 2024. c. The time taken to report cyber security incidents to the IOC in the first three quarters of 2023 and 2024. 2. Reboot Online established phishing, unauthorised access, ransomware, malware, hardware/software misconfiguration and brute force as the six major cyber security incident types - as included in the IOC report. 3. Reboot Online then calculated how many cases in each section of the analysis were reported to the ICO in the different quarters. 4. Once the figures for each incident type were established, the year-on-year percentage change was calculated using the figures from 2023 and 2024. 5. The figures were then ranked from highest to lowest based on those with the highest percentage increase of cases reported to the ICO. 6. The 2023 case figures for each of the six major cyber security incident types were compared against the 2024 case figures to see if there was a year-on-year increase or decrease (represented as percentages) in case numbers for each of them. This timeframe was analysed because the data for Q4 2024 is not yet available, so to keep a fair analysis the Q1, Q2 and Q3 were reported on for 2023 and 2024. *Political sector was removed as the results were inconsistent
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100