UK citizens were affected by five data breaches each on average last year*, says leading global specialty (re)insurance group Chaucer.
Figures obtained by Chaucer show that the total number of individuals about whom information was breached in 2023 was 312 million, up 53% from 204 million in 2022**.
Sectors with large numbers of records compromised by data breaches include:
- Central government (196 million individuals impacted)
- Retail and manufacture (29 million)
- Health (18 million)
Ben Marsh, Class Underwriter at Chaucer, says the increase in large scale data breaches is partly being driven by more and more data being concentrated in third party outsourcers. He cites one breach in March 2023 which saw one outsourcing company that managed nearly 400 pension schemes. This data breach is thought to have potentially compromised the data of hundreds of thousands of people – around 90 of those pension schemes filed data breach reports to the ICO.
Says Ben Marsh: “The figures are quite shocking. Such vast numbers of people are being impacted in many of these incidents that it equates to every single person in the country suffering a data breach many times over.”
“Growing outsourcing of data management and data processing to third party providers is fuelling an increase in potential for large scale data breaches potentially affecting tens of thousands of individuals at a time.”
“Private companies and public sector bodies alike are outsourcing to cut costs – far too many are failing to perform enough due diligence on the data they are sharing with these third parties.”
“One high-profile breach last year saw sensitive personal and financial data held by pension providers compromised due to poor data hygiene from an outsourced third party. That third party was clearly not following the same data security protocols as its clients – those clients also failed in their duty to maintain those standards.”
Ben Marsh explains that the data compromised will likely include financial details, medical history, personal information such as addresses and date of birth, all of which can be sold on dark web to scammers and identity fraudsters.
Increase in cyber attacks also contributing to people’s personal data being compromised
The number of successful cyber attack breaches rose 20% last year to 11,177 in 2023, up from 8,948 in 2022. Ben Marsh explains that not all data breaches are the result of cyber attacks, and that companies need to be wary of poor data handling – particular in the aforementioned outsourced service providers and 3rd party data handlers.
Says Ben Marsh: “While outsourcing some data management is a logical step for streamlining a business to make it more profitable, data security should never be compromised. Businesses that outsource to unsecured third parties to cut costs may face very hefty losses – in ransoms, fines or lost customers.”
“Companies must ensure data that is hosted in right place and managed by experts with the proper training. Companies should also include contractual provisions for data breaches in any paperwork they sign with third party providers – and must ensure those outsourced parties comply with up to date regulations.”
Personal data breaches increased 53% last year as companies increasingly rely on third parties with poor data security protocols
*The number of individuals residing in the UK is estimated at 67.6 million. Source: ONS, population estimate for UK mid-2022.
**Source: ICO. Year-end: December 31.
