Breaches involving employee data have soared to their highest level over six years, with reported incidents rising by 14% in 2024. According to a new analysis by law firm Nockolds, the number of reports submitted to the UK’s Information Commissioner’s Office (ICO) jumped from 3,208 in 2023 to 3,679 in 2024.
The spike comes amid ongoing challenges related to remote and hybrid work models. Nockolds pointed out that since the pandemic, the widespread shift to remote working has made it harder for organisations to maintain consistent security measures across all devices and locations. With employees using personal devices and unsecured home networks, the risk of cyber and physical breaches has grown substantially.
Additionally, the increase in device mobility, where laptops and other equipment are more frequently transported, has further exposed organisations to data loss risks through theft or misplacement.
Rise in phishing attacks
One of the most alarming trends noted in the report was the sharp rise in phishing attacks. These incidents, where attackers impersonate legitimate sources such as IT departments or HR personnel to deceive employees into revealing sensitive data, rose by 56%, from 486 in 2023 to 758 in 2024. These attacks target employee information and are often successful because they exploit human error and lack of awareness.
Joanna Sutton, principal associate at Nockolds, warned that these breaches could have serious consequences, particularly for HR departments, which are typically responsible for managing sensitive employee data. She stressed that the human factor remains one of the biggest vulnerabilities in corporate cybersecurity.
From a legal standpoint, companies that demonstrate proactive efforts in securing employee data and updating their cybersecurity policies will likely have a stronger defence in case of a breach.
Nockolds concluded that businesses prioritising cybersecurity, both in terms of technology and employee awareness, can better manage risks, maintain trust, and meet their legal responsibilities.