Ryan FowlerAnalysis by Reward Gateway | Edenred has revealed that UK organisations reported nearly 22,000 personal data breaches to the Information Commissioner’s Office (ICO) between 2023 and the first quarter of 2025. The findings highlight both sector-specific patterns and seasonal spikes in reporting activity.
The health sector reported the highest number of breaches over the period at 3,820, followed by education and childcare (3,246), retail and manufacturing (2,385), and finance, insurance and credit (2,175). These sectors handle large amounts of sensitive data and often adopt a risk-averse approach to compliance.
Reporting volumes were highest in the final quarter of each year, with Q4 2023 and 2024 recording 5,726 incidents in total. November emerged as the peak month for reporting, accounting for 2,071 cases. Breaches ranged from emails sent to the wrong recipient to cyberattacks exposing customer records.
Chris Britton, people experience director at Reward Gateway | Edenred, said: “A data breach can have far-reaching consequences for organisations and it is right they place emphasis on meeting legal requirements and customer needs in the aftermath. But often the impact on the workforce is overlooked which could delay and damage both short- and long-term recovery from an incident.
“The period after a data breach is discovered is an extremely stressful, disruptive and uncertain time for an organisation and its employees. Many will feel a sense of guilt over the breach, even if they followed protocols.
“Being under investigation by the ICO can lead to paranoia and anxiety, until the consequences are clear for the business. Access to systems may become restricted and usual ways of working disrupted until the event is resolved. This can lead to a significant impact on the mental wellbeing of the workforce and affect workplace cohesion and morale.
“Some breaches may be employee data if HR systems are involved, adding additional stress and concern. No matter the details of the incident, organisations should always act to protect employee wellbeing in its wake and take proactive measures all year round.”
