This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

Data breaches

Data breaches are common and affect organisations of all types and sizes.

According to the UK government’s Cyber Security Breaches Survey 2018:

  • 98% of businesses in the UK rely on some form of digital communication or service, and the majority hold personal data electronically.
  • 43% of all businesses – including 72% of large businesses – experienced cyber security breaches or attacks in the past 12 months.
  • The mean cost of these identified breaches or attacks was £2,310 for micro/small businesses, £16,100 for medium-sized ones and £22,300 for large ones.

Moreover, the application of the EU’s GDPR (General Data Protection Regulation) in May 2018 means that organisations that might have taken a more relaxed approach to data protection now find themselves legally obliged to implement clear policies and procedures, as well as technical and organisational measures, to keep the personal data they process safe.

Against this backdrop, all organisations should prepare for data breaches as best they can.

What is a data breach?

A data breach is a compromise of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to protected data – essentially anything that affects its confidentiality, integrity or availability.

(In the vast majority of cases, ‘protected data’ refers to personal data, but it is possible for other types of data to have its confidentiality, integrity or availability compromised.)

What are the biggest data breaches?


Number of compromised records


Yahoo 3 billion August 2013
Equifax 145.5 million July 2017
eBay 145 million May 2014
Heartland Payment Systems 134 million March 2008
Target 110 million December 2013

Data breach causes

Data breaches are not just the result of cyber attacks.

As a rule, people will always take shortcuts to make their jobs easier – and security often suffers in the race for efficiency.

Human error caused 88% of incidents reported to the UK’s ICO (Information Commissioner’s Office) in 2017/18.

Moreover, many cyber attacks rely on human error to gain a foothold in target systems.

The majority of software exploits, for example, are delivered by phishing emails, and ransomware and other malware attacks exploit poor staff security awareness to infect target systems.

How to prevent data breaches

Mitigating data security risks is about far more than just installing antivirus and anti-malware software.

A proactive approach combines appropriate access management policies to ensure staff cannot inappropriately access sensitive information, technological security controls to combat malware and other technological attack vectors, and a staff awareness programme to educate employees about cyber security best practice.

It’s also critical to put measures in place to help you react to incidents quickly and appropriately as soon as you become aware of them.

Will you survive a data breach?

Take our free quiz to find out whether you're prepared for a data breach and receive a free personalised report on how #BreachReady you are. We’ll give you a detailed summary of your answers and offer information and advice on the next steps to take to make.

Start the quiz >>

How to report a personal data breach

If you suffer a data breach, you have a number of reporting obligations.

Under the GDPR, data processors (organisations that process personal data on behalf of data controllers) must notify data controllers (the organisation that determines the purposes and means of the processing) without undue delay after becoming aware of personal data breaches.

Data controllers must notify the ICO without undue delay when they become aware of personal data breaches that are likely to result in a risk to data subjects’ rights and freedoms.

Data controllers must also notify the data subjects themselves if there is a high risk to their rights and freedoms.

Free resources

Download our free Breach Ready guide to learn more about the steps you can take to prepare for data breaches – and find out what to do when you fall victim.

Download free guide

Data breach solutions

IT Governance’s wide range of cyber resilience services can help you at every stage of your incident response:

  • We have an in-depth understanding of the GDPR's requirements and how they can be best met.
  • We provide a complete compliance support service to help organisations prepare for and adapt to the GDPR.
  • Our specialist team has extensive data protection and information security management project expertise, both in the UK and internationally.
  • We offer a total compliance solution consisting of books, toolkits, software, consultancy, penetration testing, training and audits.
  • We’re one of the leading providers of ISO 27001 ISMS implementations and our management team led the world’s first successful ISO 27001 implementation project.
  • Our vast technical expertise, combined with extensive experience implementing frameworks and standards across a broad range of industries and countries, means we are unrivalled in our depth and breadth of services.
  • We work with your organisation to tailor services that meet your budget and business objectives.

Speak to an expert

For more information on data breaches, and how you can prevent one, please contact our team of experts, who can provide advice and solutions.