Billions of UK Organisation Data Breached Over 4 Years

Over 200 million Brits have seen personal data compromised over four years due to data breaches at UK organisations. Between 2019 and 2022, hundreds of millions of customers of various businesses had their personal information compromised, according to an analysis conducted by security vendor Imperva.


A study of the 99,490 data breaches reported to the ICO (Information Commissioner’s Office) between April 2019 and December 2022, together with the more noticeable breaches identified by the Chartered Institute of Information Security (CIISec), showed that over 200 million Brits were compromised in just four years.

Put in perspective, that equals around 3 data thefts per UK citizen. The analysis also showed that malicious attacks by hackers, including malware, phishing and ransomware, accounted for only a third of the breaches reported to the ICO. A larger percentage of incidents came from insider threats.

Smaller categories included unauthorised access to data and data being made accessible to the wrong parties. A smaller percentage involved data being lost or stolen through device theft. Nearly two-fifths of the instances in the report were the result of human error.

Overall Costs

The combined cost of these breaches is staggering. For the breaches deemed most noticeable by CIISec, a monetary impact on organisations of £13.5bn was documented. Regulatory fines and legal costs accounted for only 6% of this cost.

Terry Ray, Imperva field CTO, said that the UK regulator has taken a considerable step forward on data breaches. Since GDPR fines came into play, ICO penalties have seen a tenfold increase. However, there is always a risk that organisations are prioritising compliance measures on paper over ones that provide genuine data security.

Initiatives that meet the letter of compliance don’t necessarily prevent the financial impact of a data breach, such as customer churn and damage to business reputation, which can make any fines look small in comparison. Currently, it would take the ICO up to 30 years of fining organisations to match the figure of just one of the most notable data breaches.

What Should Be Happening

As for what organisations should be doing to keep their cybersecurity measures in good enough order to withstand data breaches, the major issue lies in identifying where all their information is, since it is distributed across onsite and offsite locations in cloud and SaaS applications.

Imperva’s report also highlighted that 32% of data breaches could have been avoided with better data management and security. Important sectors continue to be targeted, with education, healthcare, finance and local government at the top of the list.
