
1 in 10 Data Breaches in 2023 Were in Legal Sector, New Data Reveals

Since 2019, the ICO has been tracking reported data breaches. Taking a deep dive into the data, leading UK data breach solicitors, Hayes Connor, highlights which sectors experienced the most data breaches last year and beyond.

The legal sector is a frequent violator, coming in 6th place for data breaches in 2023. Overall, the top 10 offenders, and the percentage of total incidents each sector was responsible for in the last year, were as follows:

  1. Health: 17.42%
  2. Education and childcare: 14.44%
  3. Finance, insurance and credit: 10.93%
  4. Local government: 9.90%
  5. Retail and manufacture: 9.76%
  6. Legal: 7.31%
  7. Charitable and voluntary: 6.63%
  8. Land or property services: 4.31%
  9. Transport and leisure: 3.58%
  10. Online Technology and Telecoms: 2.92%

Hayes Connor’s study found that the health sector made up around 1 in 5 reported data breach cases last year. On average across the 5-year span, the health sector remains at the top of the list year on year, at almost 1 in 5 cases from 2019 to 2023.

The education and childcare sector came in 2nd place last year, making up almost 1 in 7 cases. The finance, insurance and credit sector came 3rd, making up over 1 in 10 cases.

Hayes Connor also analysed the types of data that had been breached within each sector. The research found that, in 2023, basic personal identifiable data was the most common type of data being breached within legal sector data breaches. In fact, this made up 85.80% of data breaches. The second highest form of data breaches involved economic and financial data, at 22.59%.

Concerningly, almost 1 in 5 of total data breaches in 2023 involved children’s data. This is particularly sensitive due to the fact children are less aware of the safeguards, consequences, and risks regarding personal data processing.

In the legal sector last year, 80 cases involved children’s data, making up 1 in 10 of legal incidents.

The findings also showed the different incident types behind the data breaches. The most common cause of data breaches within the legal sector was data emailed to the wrong recipient, which made up 26.54% of the legal data breach cases in 2023.

Phishing showed up as the second most common incident type for this sector, at 19.75%. This demonstrates how human error plays a huge role in many data breach cases in the UK, and thus the importance of internal business training.

It is important to bear in mind that part of the 2018 GDPR regulations requires businesses to report a data breach within 72 hours. Failure to notify a breach when required to do so can result in a significant fine of up to £18m, or 4 per cent of your global turnover.

Concerningly, the legal sector is taking over 72 hours to report 40.99% of its data breaches. This leaves the sector vulnerable to large fines.

Richard Forest, Legal Director at Hayes Connor, says, “Another year, another representation of how many organisations across all sectors are still failing to implement effective security protocols, leaving personal data vulnerable to breaches which have significant legal and financial repercussions for the entities involved. 

“Despite regulatory advancements, and the introduction of stricter compliance mechanisms, the rate of data breaches remains a serious concern. The recent ICO trends portray a continuous need for vigilance and updated compliance strategies from businesses, especially in how they manage and protect personal data against emerging cyber threats and human error.”

Hayes Connor Solicitors have significant expertise supporting clients who’ve had their data exposed due to data protection negligence. They can support claims for privacy loss, distress, and financial losses. Head here to get in contact with them, or make a claim here.
