Site navigation

Personal Data Breaches Drop 20%, Says Information Commissioner

David Paul


personal data breaches
Individual data breaches have reduced by almost a quarter this year compared to the same period in 2020.   

The Information Commissioner’s Office (ICO) has reported a 20% drop in personal data breach reports, from 11,854 in the 2019/20 financial year to 9,532 in 2021.

Covid-19 was marked as the primary reason for the drop, as well as the introduction of mandatory breach reporting in sectors that handle large volumes of personal data.

According to the ICO report, the healthcare sector reported the highest instances of data breaches – making up 16.8% of all personal breaches reported.

Education and childcare came second, reporting 1,160 personal data breach incidents over the last year, which is 13.6% of the total recorded.

Retail and manufacturing were next at 10.9%, finance insurance was fourth with 10.5%, and ‘local government’ was fifth, reporting 8.8%.

In late June this year, data collected by security services firm Redscan, revealed that UK councils plagued by a lack of funding and security reported more than 700 data breaches in 2020, which was actually a 10% decrease compared to 2019.

Chris Ross, SVP Sales International for Barracuda Networks commented that, despite a drop in personal data breaches this year, business owners and workers must not get complacent.

“Despite what the figures suggest, cyber-attacks targeting remote workers and businesses have increased in intensity over the last 18 months,” Ross said.

“This is particularly because more employees were working from home for the first time, and thus more sensitive data has been handled across email, cloud storage and personal devices than ever before, presenting a gold mine of opportunity for hackers.”

A large percentage of data breaches from businesses is caused by human error, which was responsible for 90% of the UK’s cyber data breaches in 2019 according to previous research carried out by the ICO.

Further analysis by CybSafe, which has studied the ICO’s stats, shows that nine out of 10 of the 2,376 data breaches reported to the organisation last year were due to mistakes made by end-users.

In December last year, the ICO announced it was working on a data-sharing code of practice – a “practical guide” for firms about how to share personal data, “in compliance with data protection legislation.”

Additionally, the code aims to help firms manage risks; meet high standards; clarify any misconceptions an organisation may have about data sharing and boost their confidence to share data appropriately and correctly.


Data from the latest ICO report revealed that 71.4% of all reported personal data breaches led to “no further action”. However, more than one fifth (21.6%) were investigated further.

Ross continued: “A general lack of security provisions and training throughout remote working also contributed to a number of bad and dangerous habits across some employees.

“Our recent research even revealed that malicious emails spend, on average, 83 hours in an employee’s inbox before it is detected or resolved, and perhaps most worryingly, nearly 1 in 30 will click on a link in a malicious email, potentially compromising important business data in doing so.

“Therefore, businesses must ensure that all employees are provided with regular and tailored security training so that they can appreciate the seriousness of this threat and react accordingly.”

David Paul

Staff Writer, DIGIT

Latest News

Cybersecurity Finance
Cybersecurity Editor's Picks
Climate Editor's Picks Energy Featured
%d bloggers like this: