HR urged to lead response over surge in UK data breaches

-

A study by employee engagement platform Reward Gateway | Edenred found that between January 2023 and the first quarter of 2025, 21,978 incidents were reported under UK GDPR rules.

Health accounted for the highest number of cases (3,820), followed by education and childcare (3,246), retail and manufacturing (2,385) and finance, insurance and credit (2,175).

Under the law, organisations must report a breach within 72 hours if there is a risk to individuals’ rights and freedoms. While much of the focus has been on customer and regulatory obligations, researchers said the internal impact on employees is often overlooked.

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

Staff wellbeing after breaches

Chris Britton, people experience director at Reward Gateway | Edenred, said organisations typically concentrated on regulatory requirements and customer protection in the aftermath of an incident, but added that “the impact on the workforce is overlooked which could delay and damage both short- and long-term recovery from an incident”.

He said employees often experienced stress, disruption and anxiety during ICO investigations, particularly where systems were restricted or HR platforms were compromised. “This can lead to a significant impact on the mental wellbeing of the workforce and affect workplace cohesion and morale,” he said.

Seasonal patterns and high-profile cases

Analysis of ICO figures also shows seasonal peaks in breaches, with the fourth quarter of 2023 and 2024 recording the highest volumes. November alone accounted for 2,071 cases.

The findings come after several high-profile UK breaches this year, including cyberattacks on the NHS, the British Library and outsourcing firm Capita, all of which exposed sensitive personal data and triggered ICO scrutiny.

In each case, questions were raised not only about data security but also about how staff were supported when systems were disrupted and workloads increased.

Experts said the sharp rise in reported incidents reflected both the volume of sensitive data handled in regulated sectors and the heightened risks from phishing, ransomware and human error. ICO data shows that many breaches result from simple mistakes, such as sending emails to the wrong recipient or failing to secure devices.

Why HR matters in breach response

Reward Gateway | Edenred said HR teams should be embedded in incident planning alongside IT and compliance functions. Their role, it argued, was to reassure employees, provide wellbeing support and maintain morale while investigations were ongoing.

Britton said staff often felt guilt even when they had followed protocol. “Being under investigation by the ICO can lead to paranoia and anxiety, until the consequences are clear for the business,” he said. He urged organisations to involve HR in incident response planning so that employees were kept informed and supported.

The report identified several measures HR teams could adopt to reduce risk and build resilience. They include:

  • Prioritising employee wellbeing year-round, as stressed or burnt-out staff are more likely to make errors.
  • Encouraging work-life balance to reduce exhaustion and accidental lapses in judgement.
  • Strengthening loyalty through investment in employee growth and fair pay, creating a culture where staff feel motivated to protect the organisation.
  • Providing continuous training so that employees can spot emerging cyber threats and avoid impulse clicks.

“Every employee plays a part in data protection,” Britton said, noting that most breaches originated from human error rather than technology.

Managing Editor at Black | Website

William Furney is a Managing Editor at Black and White Trading Ltd based in Kingston upon Hull, UK. He is a prolific author and contributor at Workplace Wellbeing Professional, with over 127 published posts covering HR, employee engagement, and workplace wellbeing topics. His writing focuses on contemporary employment issues including pension schemes, employee health, financial struggles affecting workers, and broader workplace trends.

Latest news

England’s overnight World Cup clash and 5am pub opening prompt CIPD advice

The CIPD is urging organisations to agree any flexibility before England's 1am World Cup last-16 tie to help minimise disruption at the start of the working week.

Russell Cowley: Gen Z – rebuilding workplace culture, break by break

Gen Z workers are taking proper breaks and in doing so, they may be fixing something the rest of us broke.

Fit for Work: Weekend warrior? You can still reap the health benefits

Weekend exercise can still improve long-term health, even for people who struggle to fit physical activity into the working week.

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.
- Advertisement -

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Must read

Dr. Gill Green: Suicide – the effect on the workplace community

When developing a training element designed to help those...

Curtis Holmes: Payroll is the driver for employee engagement

Payroll has long been treated as a back-office necessity: essential, but not something that shapes culture or drives engagement. This no longer stands.
- Advertisement -

You might also likeRELATED
Recommended to you