
Statistics on Data Breaches in the UK, 2020
Protecting data is a serious consideration for any organisation. When GDPR came into force in May 2018, it became a legal requirement to report certain types of data breaches to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
In the UK, the expected tapering of reported breaches after 2018 never happened. Instead, 2019 dramatically surpassed the numbers recorded in the previous year, and the trend continued. In 2020, the increase in staff working from home due to the COVID-19 pandemic gave rise to a whole new level of security breaches.
As an example, the biggest fine issued by the ICO so far was £183 million against British Airways for violations under GDPR. Details of 500,000 customers were harvested by attackers who diverted website visitors to a fraudulent site. The law on data breaches is very clear: when an organisation is entrusted with personal data, it must look after it. If it fails to do so, it faces scrutiny and penalties that reach into the millions of pounds.
Considering this, some of the UK data breach statistics are still quite staggering:
- 43% of businesses identified cyber security breaches or attacks in the last year
- £16.1k is the average cost of a data breach for SMEs in the UK
- Up to 88% of UK companies have suffered breaches in the last 12 months. That is lower than Germany (92%), France (94%), and Italy (90%)
- 48% of UK organisations were hit by ransomware in the last year, according to Sophos. This is lower than the global average of 51%.
- 13% of UK organisations reportedly paid the ransom.
- 32% of UK companies have cybersecurity insurance that doesn’t cover ransomware.
- One in every 3,722 emails in the UK is a phishing attempt (20% higher than the global average)
- One small business in the UK is successfully hacked every 19 seconds
- Every day, there are 65,000 attempts to hack SMEs, around 4,500 of which are successful
- 33% of UK organisations say that they lost customers after a data breach
- The average remediation cost of a successful ransomware attack to UK enterprises is $840,000
- The average UK cybersecurity budget is around $900,000, compared to an average of $1.46 million globally, according to Hiscox
- Just 31% of UK organisations have done a cyber risk assessment in the last 12 months
Make sure your business is prepared for an attack. Discover what to do if you experience a data breach and find out how to handle a Data Subject Access Request.
Discover how and when to complete a Data Protection Impact Assessment if you are processing personal data in a way that could be a risk to the rights and freedoms of the individuals whose data you intend to process.
Train your staff; make sure they understand the importance of GDPR and the potential risks to the organisation. Help them understand how to identify breaches and red-flag situations. With the majority of breaches occurring as a result of human error, the need to provide adequate training has never been so important.
Data Sources
carbonblack.com/threat-research/
hiscox.co.uk/sites/uk/files/documents/2019-04/Hiscox_Cyber_Readiness_Report_2019.PDF
hiscoxgroup.com/news/press-releases/2018/18-10-18
csoonline.com/article/3440069/uk-cybersecurity-statistics-you-need-to-know.html
itgovernance.co.uk/data-breaches
news.sophos.com/en-us/2020/05/12/the-state-of-ransomware-2020/
infotech.co.uk/blog/35-cyber-security-stats-to-make-you-serious-about-data-protection