BREACHES of employee data reported to the UK regulator have hit their highest level in at least seven years, according to new analysis from law firm Nockolds. The company said that reports to the Information Commissioner’s Office (ICO) had increased 5% over the past year to reach 3872 breach incidents in 2025. This is nearly 29% higher than the total number of reported breaches recorded in 2019 (3010), when these records began.
However, cyber-related breaches actually fell by 6% over the past year to 1568, while non-cyber incidents jumped 15% to 2304. Nockolds principal associate, Joanna Sutton, blamed hybrid working for the evolving picture, saying organisations have strengthened their digital defences but have not fully adapted their physical and procedural safeguards.
She noted that even if breaches are accidental, organisations may still be liable if policies are outdated or staff have not been properly trained, emphasising the critical role of HR in aligning human and technical elements of data protection.