UK businesses will have been subject to thousands of data security breaches by the end of the year, marking a 8.6% annual increase.
The Global Payroll Association (GPA) analysed historic data on the number of annual data protection breaches reported by UK businesses between 2019 and 2023, the number reported in 2024 so far, and how many breaches we are forecast to see before the year is out.
The GPA said its analysis serves as a timely reminder ahead of National Computer Security Day on 30th November, and reveals that, in 2023, there were a total of 3,209 personal data protection breaches in the UK which marked a staggering annual increase of +41% compared to 2022.
This remarkable growth reversed a lot of the good work seen over the preceding years, work that saw the number of incidents drop by -13% in 2020, another -13% in 2021, and then a further-3% in 2022.
In the first half of 2024 (Q1 and Q2), there have already been 1,892 reported data protection breaches that include personal employee data.
It is forecast that by the end of 2024, the UK will have seen 3,483 breaches which will mark an annual increase of +8.6% following 2023’s already disastrous escalation.
The most commonly targeted areas of an organisation are customer service and human resources departments, with 2020 data showing that 60% of attacks were focussed on HR.
This is due to the fact that these teams are in possession of the personal data that cybercriminals consider to be so valuable. Such data includes names, email addresses, home addresses, National Insurance numbers, and bank details.
However, one area of business that is external to HR but is viewed as one of the most susceptible to cyber attacks is payroll. This is because the personal information contained with payroll departments and payroll platforms, including sensitive personal financial data, holds great value to cyber attackers who can either sell the information to criminal third parties, or use it themselves to either steal money from employees or blackmail the employer into paying a ransom.
Melanie Pizzey, CEO and Founder of the Global Payroll Association, says:
“Over the past two years, we have seen an explosive rise in the number of data protection breaches reported by UK businesses, a rise which has largely undone a great deal of the good work seen over previous years when it comes to reducing such incidents.
“Data security is a threat that we must keep front of mind, particularly as the business landscape continues to evolve and embrace new technologies.
“Pay roll is one area where vigilance is of the utmost importance, as any breach can essentially release an employee's most valuable personal data in one fell swoop.
“Businesses with in-house payroll departments need to ensure that they are deploying the most robust security measures possible, and those who rely on third-party payroll providers mustn’t feel shy about interrogating them on what measures they have in place to ensure no breaches are allowed to happen.
“Advising businesses on these matters is central to the work we do at GPA, so we encourage anyone that has concerns to come and speak to us.”