SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Health sector tops UK self-reported data breaches in 2023-2025

Thu, 9th Oct 2025

New analysis of Information Commissioner's Office data by Reward Gateway | Edenred has identified the sectors most likely to self-report data breaches under GDPR legislation while highlighting seasonal patterns in incident reporting.

According to data covering 2023 to the first quarter of 2025, nearly 22,000 self-reported data breach cases were submitted by UK businesses and public sector organisations to the Information Commissioner's Office (ICO).

Personal data breaches, as defined by UK GDPR, involve the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Examples provided include emails sent to the wrong recipient, lost devices containing personal information, cyberattacks exposing records, or staff sharing sensitive data without authorisation.

Organisations are legally required to report a breach to the ICO within 72 hours if it poses a risk to individuals' rights and freedoms. They may also need to notify the people affected, who could be employees, customers, members of the public, or third-party partners.

Sectors most affected

The health sector recorded the highest number of self-reported personal data breaches, with a total of 3,820 cases between 2023 and Q1 2025. The education and childcare sector reported 3,246 breaches, followed by retail and manufacturing at 2,385 and finance, insurance and credit at 2,175.

Organisations operating in these areas typically hold large amounts of sensitive information and are subject to strict regulations and public scrutiny. This often leads them to adopt a risk-averse and transparent approach to incident reporting.

Seasonal trends were identified, with the fourth quarter (Q4) of both 2023 and 2024 showing the highest rates of breach reports. November was pinpointed as the month with the most activity, accounting for 2,071 incidents. Across Q4 alone, 5,726 cases were reported.

Following a self-reported breach, the ICO assesses the details, the type of data involved, and the level of risk to individuals. It then reviews the response by the organisation and can offer guidance or take enforcement measures when necessary.

Impact on employees

Attention after a breach often focuses on limiting harm to those whose data is compromised, and less on the effects experienced by staff. Chris Britton, People Experience Director at Reward Gateway | Edenred, highlighted the consequences for the workforce and provided guidance for organisations:

"A data breach can have far-reaching consequences for organisations and it is right they place emphasis on meeting legal requirements and customer needs in the aftermath. But often the impact on the workforce is overlooked which could delay and damage both short- and long-term recovery from an incident.
"The period after a data breach is discovered is an extremely stressful, disruptive and uncertain time for an organisation and its employees. Many will feel a sense of guilt over the breach, even if they followed protocols. Being under investigation by the ICO can lead to paranoia and anxiety, until the consequences are clear for the business. Access to systems may become restricted and usual ways of working disrupted until the event is resolved. This can lead to a significant impact on the mental wellbeing of the workforce and affect workplace cohesion and morale.
"Some breaches may be employee data if HR systems are involved, adding additional stress and concern. No matter the details of the incident, organisations should always act to protect employee wellbeing in its wake and take proactive measures all year round. Here's how:"

Britton set out five key recommendations for businesses:

1. Prioritise employee wellbeing and engagement:

"Every employee plays a part in data protection. But research shows most data breaches are caused by human error. Burnt out, stressed and exhausted employees are more likely to accidentally compromise an organisation's cybersecurity. Businesses can build a first line of defence by prioritising employee wellbeing 365 days a year."

2. Encourage work-life balance:

"When businesses reward employees for working excessive hours, others will feel obliged to follow suit, creating unhealthy workplace habits. A quarter of employees say work negatively impacts physical and mental health. Poor wellbeing makes employees more vulnerable to accidentally causing a cyber breach. Openly encouraging employees to prioritise work-life balance will create a workforce that is engaged, proactive and more focused on their day-to-day priorities when at work - including data security."

3. Build employee loyalty:

"Investing in your employees' growth tells them they matter to the business and breeds confidence to contribute and engage meaningfully in the workplace. This can include competitive pay, educational opportunities or leadership training. Meaningful contribution and engagement breeds loyalty and loyalty breeds care for the organisation in which people work. This is an important part of ensuring everyone works towards a common goal and protects the organisation."

4. Involve HR in incident response planning:

"Organisations can easily make the mistake of labelling a data breach as an IT and compliance issue. But responding to a breach should also involve the HR department to reassure employees, keeping them informed and supported and engaged in response planning. HR departments should be available to answer questions, respond to concerns and signpost employees to available wellbeing support."

5. Provide dedicated and real-time training:

"As technology and criminals get smarter, cyber security threats become harder to spot. Employees are left vulnerable if they are not consistently trained and upskilled. Having the confidence to identify threats and avoid impulse clicks will give employees greater confidence, reduce anxiety and maximise productivity."

The analysis was carried out using the latest available data from the Information Commissioner's Office, covering the reporting date and sector of self-reported personal data breach cases recorded between 2023 and the first quarter of 2025.
