UMVA has learned that a staggering 19,000 security incidents were flagged to officials within the Ministry of Defence (MoD) over a 14-month period, averaging 45 reports per day.
These incidents, documented through the MoD's Security Incident Reporting Form (SIRF), included a wide range of breaches, from the loss of sensitive items like laptops and phones to reports of device thefts and unauthorized disclosures of information.
According to information obtained by UMVA, sensitive items such as laptops, phones, and USBs were lost at an alarming rate of three times a day on average, totaling over 1,600 SIRF forms.
The data also revealed over 200 reports of device thefts and more than 200 SIRFs recording the loss of potentially sensitive paper documents and notes, raising concerns about the potential for these materials to fall into the wrong hands.
Of particular concern are the over 600 reported losses of assets classified as Attractive to Criminal and Terrorist Organisations (ACTO), which the MoD warns could constitute a threat to life or support and enable a terrorist or criminal threat.
Professor Alan Woodward, a security expert, expressed alarm at the data, stating that it 'smacks of complacency' and highlighting the need for greater vigilance in protecting sensitive information.
UMVA can exclusively reveal that there were close to 150 occasions where there was a failure to escort visitors or personnel, and MoD chiefs were informed of 22 undeclared relationships with restricted country nationals.
The SIRF Forms also raise concerns about how security is approached on sensitive MoD sites, with 400 reports of unauthorized physical access or attempts to gain unauthorized access, as well as almost 350 reports of suspicious drone activity.
Staff made more than 2,700 reports of security rules and procedures being breached, including bringing personal electronic devices into restricted areas and failing to secure material.
The Chair of the Defence Committee in the House of Commons warned that security breaches can cause things to 'go catastrophically wrong,' emphasizing the need for a culture that prioritizes security.
The largest number of incidents – more than 5,000 – related to lost, stolen, or misused ID cards, which experts warned could still 'pose a threat'.
Potential cyber breaches accounted for more than 700 SIRF Forms, but the MoD did not disclose further specific information about those reports.
A Ministry of Defence spokesperson said that they take all breaches of security very seriously and encourage the use of Security Incident Reporting Forms, subjecting all incidents to a security risk assessment and taking further action where necessary.