Employee data breaches reported to the UK’s Information Commissioner’s Office reached a seven-year high of 3,872 incidents in 2025, driven largely by a significant rise in non-cyber security failures.

Key points

• Reported data breaches increased by 5% over the past year, marking a 29% rise since 2019.
• Non-cyber incidents, such as lost devices or mishandled paperwork, jumped 15% to 2,304 cases.
• Cyber-related breaches declined by 6% to 1,568, suggesting improved digital defenses but persistent physical vulnerabilities.
• Law firm Nockolds attributes the trend to hybrid working, which complicates the secure handling of sensitive HR, payroll, and medical documents.
• Organizations face potential legal liability for accidental breaches if internal policies and staff training fail to address modern remote work risks.

The shift toward hybrid work environments has created significant security gaps that traditional IT defenses cannot address alone. Companies must now integrate HR and security protocols to protect sensitive employee data and mitigate the rising risk of legal claims stemming from human error.