Biggest cyber risk is complacency, says ICO

The ICO has warned that the biggest risk to cyber security is complacency, not hackers, as it fined construction company Interserve £4.4 million for failing to keep personal information of its staff secure.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, and this allowed hackers to access personal data of up to 113,000 employees through a phishing email.

You can read details of the data breach in the full ICO statement, but what lessons are there for our organisations? The ICO recommends:

  • Regularly monitor for suspicious activity and investigate any initial warnings
  • Update software and remove outdated or unused platforms
  • Update policies and secure data management systems
  • Provide regular staff training
  • Encourage secure passwords and multi-factor authentication

If you would like to talk about how you can implement these recommendations, and how to make this as cost-effective as possible, you are welcome to get in touch in any of the normal ways or by booking a 20-minute insight call (for TinoPai members, but it’s free to join, and you get lots of other benefits including free live and on-demand webinars).