What's Happening?
Employee data breaches have surged to their highest level in seven years, according to a new analysis by law firm Nockolds. Reports to the UK's Information Commissioner's Office (ICO) increased by 5% over the past year, totaling 3,872 breach incidents
in 2025. This marks a 29% increase from 2019, when these records began. While cyber-related breaches decreased by 6% to 1,568, non-cyber incidents rose by 15% to 2,304. Joanna Sutton, a principal associate at Nockolds, attributes this trend to the rise of hybrid working, which has not been matched by adequate physical and procedural safeguards. The movement of devices and documents between homes and offices has created vulnerabilities that digital defenses alone cannot address. Sensitive information, such as HR and payroll documents, is increasingly handled outside controlled office environments, leading to more frequent breaches.
Why It's Important?
The increase in employee data breaches highlights significant challenges for organizations adapting to hybrid work models. The rise in non-cyber incidents underscores the need for companies to enhance their physical and procedural data protection measures. Employers are at risk of liability if breaches occur due to outdated policies or insufficient staff training. This situation places a critical emphasis on the role of HR teams in aligning human and technical elements of data protection. The trend also reflects broader concerns about data security in the workplace, as highlighted by a Mimecast report indicating that 42% of global organizations have experienced a rise in cybersecurity incidents due to employee negligence and malicious insiders. The findings suggest that organizations must invest in regular, practical training and update policies to reflect the realities of hybrid working.
What's Next?
Organizations are likely to face increased pressure to strengthen their data protection strategies, particularly in the context of hybrid work environments. This may involve revising policies, enhancing employee training, and implementing more robust physical and procedural safeguards. Companies will need to ensure that sensitive information is handled securely, both digitally and physically, to prevent breaches. As the trend of hybrid working continues, businesses may also explore new technologies and practices to mitigate risks associated with the movement of data between different locations. The focus on data security is expected to intensify, with potential regulatory implications for organizations that fail to adequately protect employee information.
