According to statistics from the Office of the Information Commissioner, there were 52 reported data protection breaches in Jersey last year, while a further 43 were recorded in Guernsey.
But Tom Bale, business development and technical director at IT security firm Logicalis, says that the likely figure is around quadruple that number because most firms do not report breaches.
He added that new EU regulations, which were due to come into force next May, would require all attacks to be reported to the authorities within 72 hours of being uncovered.
‘At the moment there’s no obligation for organisations in the Channel Islands to report data breaches, although that will change from May 2018 when EU General Data Protection Regulation comes in,’ said Mr Bale.
‘KnowBe4, a security service we work with, suggests less than a quarter of organisations affected by ransomware admit to it. Many don’t even realise they have suffered a security breach until months after the incident, so systems, and the data they contain, could be left compromised for long periods.
‘This means the real figure for data breaches is likely to be much, much higher than reported figures.’
Both the States of Jersey and Guernsey voted in favour of enacting the new EU regulations when they come into force.
Ransomware attacks, which threaten to publish the victim’s data unless a ransom is paid, are one of the fastest-growing data security threats in the UK, with the reported number doubling last year.
Mr Bale added that small businesses were more susceptible to cyber-attacks than their larger counterparts.
He said: ‘The first step in addressing data security is recognising that cyber-crime is an issue that affects everyone from big financial companies to small local businesses.
‘Hacks such as the recent HBO attack – where cyber-criminals leaked Game of Thrones scripts – make people think cyber-crime only affects high-profile organisations. While these organisations are clearly targets, smaller organisations which don’t take data security seriously are at a greater risk.’
He added that keeping systems up to date and proper IT maintenance could help protect against cyber-attacks.