As of January 2025, the most significant data breach incident in the United Kingdom (UK) was the 2017-2018 Dixons Carphone breach. As a result of this incident, 14 million user records were affected, and 5.6 million payment card information was exposed. The Equifax data breach between 2011 and 2016 impacted over 15 million customers nationwide.

As of January 2024, about 21 percent of organizations in the United Kingdom reported experiencing a data breach accident once a month. A further 24 percent said they had encountered a data breach event less than once a month in the past 12 months. Meanwhile, 18 percent said they had experienced a data breach incident once a week.

During the fourth quarter of 2024, data breaches exposed more than a million user data records in the United Kingdom (UK). The figure decreased significantly from nearly 41 million in the quarter prior. Overall, the time between the first quarter of 2022 and the fourth quarter of 2023, saw the lowest number of exposed user data accounts.

As of 2024, the average data breach cost in the United Kingdom (UK) was around 4.53 million U.S. dollars. In the measured period, 2022 registered the highest cost for breached data, more than five million U.S. dollars. The figure, thus, has increased from 3.9 million U.S. dollars since 2020.

A survey conducted in the United Kingdom (UK) from September 2023 to January 2024 found that around 13 percent of businesses that had identified a data breach incident or a cyberattack in the preceding 12 months had seen at least one outcome after the incident. The most common were the situations where the website or online services were taken down or made slower and the temporary loss of access to files or networks.

The Cyber Security Breaches Survey, 2019 was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches. Its aim was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online.

The data have been collected annually since 2016 to understand the views of UK organisations on cyber security. Data is collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). Please note that the UK Data Service only holds data from 2018 onwards.

The underlying data are useful for researchers to better understand the response across a range of organisations (rather than averages) and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards.

A survey conducted in the United Kingdom (UK) between September 2023 and January 2024 found that 14 percent of the respondents needed to implement new measures for future attacks. A further 14 percent said they added staff time to deal with the breach. Additionally, seven percent said the incident stopped the staff from carrying out daily work.

This statistic displays the share of businesses that have had cyber security braches or attacks in the United Kingdom (UK) in 2019. Among all respondents, 32 percent had breaches in the past 12 months. With respect to business size, 40 percent of small firms experienced cyber security breaches in the past 12 months.Concerning the size of businesses, micro businesses had two to nine employees, small businesses had 10 to 49 employees, medium businesses had 50 to 249 employees and large businesses had 250 employees or more. On the other hand, there were many types of cyber security breaches experienced by businesses in the past 12 months such as malware.

Abstract copyright UK Data Service and data collection copyright owner.

The Cyber Security Breaches Survey, (CSBS) is run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches.. The aim of the survey is to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online.

These surveys have been conducted annually since 2016 to understand the views of UK organisations on cyber security. Data are collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). The study is funded by the DCMS as part of the government's £2.6 billion National Cyber Strategy 2022 to protect and promote the UK in cyber space.

The underlying data are useful for researchers to better understand the response across a range of organisations and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds datasets on each specific year from 2018 onwards.

Cyber Security Breaches Survey: Combined Dataset, 2016-2022 includes data from 2016 to 2022. This is cross-sectional data only and not all variables are included in all years. For longitudinal data, please access the Cyber Security Longitudinal Survey: Wave 1, 2021 (available from the UK Data Archive under SN 8969) and onwards.

Further information and additional publications can be found on the GOV.UK Cyber Security Breaches Survey webpage.

Views, experiences and behaviours of organisations (UK businesses and charities) on cyber security and cyber security breaches.

Abstract copyright UK Data Service and data collection copyright owner.

The Cyber Security Breaches Survey, 2020 was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches. Its aim was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online.

The data have been collected annually since 2016 to understand the views of UK organisations on cyber security. Data is collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). The study is funded by the Cabinet Office as part of the National Cyber Security Programme.

The underlying data are useful for researchers to better understand the response across a range of organisations (rather than averages) and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds data from 2018 onwards.

Further information and additional publications can be found on the GOV.UK Cyber Security Breaches Survey, 2020 webpage.

Introduction This dataset records all curtailment events experienced by curtailable-connection customers. About Curtailment When a generation customer requests a firm connection under a congested part of our network, there may be a requirement to reinforce the network to accommodate the connection. The reinforcement works take time to complete which increases the lead time to connect for the customer. Furthermore, the customer may need to contribute to the cost of the reinforcement works.UK Power Networks offers curtailable-connections as an alternative solution for our customers. It allows customers to connect to the distribution network as soon as possible rather than waiting, and potentially paying, for network reinforcement. This is possible because under a curtailable connection, the customer agrees that their access to the network can be controlled when congestion is high. These fast-tracked curtailable-connections can transition to firm connections once the reinforcement activity has taken place. Curtailable connections have enabled faster and cheaper connection of renewable energy generation to the distribution network owned and operated by UK Power Networks.The Distribution System Operator (DSO) team has developed the Distributed Energy Resource Management System (DERMS) that monitors curtailable-connection generators as well as associated constraints on the network. When a constraint reaches a critical threshold, an export access reduction signal may be sent to generators associated with that constraint so that the network can be kept safe, secure, and reliable.This dataset contains a record of curtailment actions we have taken and the resultant access reduction experienced by our curtailment-connections customers. Access reduction is calculated as the MW access reduction from maximum × duration of access reduction in hours (MW×h). The dataset categorises curtailment actions into 2 categories: Constraint-driven curtailment: when a constraint is breached, we aggregate the access reduction of all customers associated with that constraint. A constraint breach occurs when the network load exceeds the safe limit. Non-constraint driven curtailment: this covers all curtailment which is not directly related to a constraint breach on the network. It includes customer comms failures, non-compliance trips (where the customer has not complied with a curtailment instruction), planned outages and unplanned outages Each row in the dataset details the start and end times, durations and customer access reduction associated with a curtailment actions. We also provide the associated grid supply point (GSP) and nominal voltage to provide greater aggregation capabilities. By virtue of being able to track curtailment across our network in granular detail, we have managed to significantly reduce curtailment of our curtailable-connections customers. Methodological Approach A Remote Terminal Unit (RTU) is installed at each curtailable-connection site providing live telemetry data into the DERMS. It measures communications status, generator output and mode of operation. RTUs are also installed at constraint locations (physical parts of the network, e.g., transformers, cables which may become overloaded under certain conditions). These are identified through planning power load studies. These RTUs monitor current at the constraint and communications status. The DERMS design integrates network topology information. This maps constraints to associated curtailable connections under different network running conditions, including the sensitivity of the constraints to each curtailable connection. In general, a 1MW reduction in generation of a customer will cause <1MW reduction at the constraint. Each constraint is registered to a GSP.DERMS monitors constraints against the associated breach limit. When a constraint limit is breached, DERMS calculates the amount of access reduction required from curtailable connections linked to the constraint to alleviate the breach. This calculation factors in the real-time level of generation of each customer and the sensitivity of the constraint to each generator. Access reduction is issued to each curtailable-connection via the RTU until the constraint limit breach is mitigated. Multiple constraints can apply to a curtailable-connection and constraint breaches can occur simultaneously. Where multiple constraint breaches act upon a single curtailable-connection, we apportion the access reduction of that connection to the constraint breaches depending on the relative magnitude of the breaches. Where customer curtailment occurs without any associated constraint breach, we categorise the curtailment as non-constraint driven. Future developments will include the reason for non-constraint driven curtailment. Quality Control Statement The dataset is derived from data recorded by RTUs located at customer sites and constraint locations across our network. UKPN’s Ops Telecoms team monitors and maintains these RTUs to ensure they are providing accurate customer/network data. An alarms system notifies the team of communications failures which are attended to by our engineers as quickly as possible. RTUs can store telemetry data for prolonged periods during communications outages and then transmit data once communications are reinstated. These measures ensure we have a continuous stream of accurate data with minimal gaps. On the rare instances where there are issues with the raw data received from DERMS, we employ simple data cleaning algorithms such as forward filling. RTU measurements of access reduction update on change or every 30-mins in absence of change. We also minimise postprocessing of RTU data (e.g. we do not time average data). Using the raw data allows us to ascertain event start and end times of curtailment actions exactly and accurately determine access reductions experienced by our customers. Assurance Statement The dataset is generated and updated by a script which is scheduled to run daily. The script was developed by the DSO Data Science team in conjunction with the DSO Network Access team, the DSO Operations team and the UKPN Ops Telecoms team to ensure correct interpretation of the RTU data streams. The underlying script logic has been cross-referenced with the developers and maintainers of the DERMS scheme to ensure that the data reflects how DERMS operates. The outputs of the script were independently checked by the DSO Network Access team for accuracy of the curtailment event timings and access reduction prior to first publication on the Open Data Portal (ODP). The DSO Operations team conduct an ongoing review of the data as it is updated daily to verify that the operational expectations are reflected in the data. The Data Science team have implemented automated logging which notifies the team of any issues when the script runs. This allows the Data Science to investigate and debug any errors/warnings as soon as they happen.

Other

Download dataset information: Metadata (JSON)

Definitions of key terms related to this dataset can be found in the Open Data Portal Glossary: https://ukpowernetworks.opendatasoft.com/pages/glossary/

As of 2024, 32 percent of businesses that encountered the most disruptive cybersecurity breaches or attacks in the last 12 months in the United Kingdom (UK) reported them to banks, building societies, or credit card companies. A further nine percent reported it to the internet or network service provider.

The UK cybersecurity insurance market is experiencing robust growth, driven by increasing cyber threats and stringent data privacy regulations like GDPR. The market, estimated at £X million in 2025 (assuming a logical extrapolation based on provided CAGR and global market trends – precise figures require further data), is projected to exhibit a compound annual growth rate (CAGR) of 8.00% from 2025 to 2033. This growth is fueled by several key factors. Firstly, the rising sophistication and frequency of cyberattacks targeting businesses of all sizes are compelling organizations to seek comprehensive insurance coverage. Secondly, regulatory pressures are forcing companies to enhance their cybersecurity posture, which in turn increases demand for insurance to mitigate residual risk. Thirdly, the evolving threat landscape, encompassing ransomware, phishing, and data breaches, necessitates robust and adaptable insurance solutions. The market is segmented by product type (packaged and standalone policies) and application type (banking & financial services, IT & telecom, healthcare, retail, and others). Key players like CFC Underwriting, Tokio Marine Kiln, AIG, Beazley, Marsh, Hiscox, AXA XL, Zurich, NIG, and Allianz are competing for market share, offering a range of specialized cyber insurance products to meet diverse organizational needs. The UK, a significant financial and technological hub, is a particularly attractive market for cybersecurity insurers due to the high concentration of businesses with valuable digital assets vulnerable to cyberattacks. The UK market's future growth hinges on several factors. Continued technological advancements and the emergence of new cyber threats will likely drive further demand for insurance. Conversely, potential restraints include factors like fluctuating premiums, challenges in accurately assessing risk, and the complexities of attributing losses to specific cyber events. However, the market is expected to overcome these challenges due to the ongoing digital transformation and increased awareness of cybersecurity risks across various sectors. The segments expected to show significant growth include Banking & Financial Services and IT & Telecom, given their heightened vulnerability and substantial reliance on digital infrastructure. The consistent rise in cybercrime activity and the evolving regulatory landscape suggest that the UK cybersecurity insurance market will continue its upward trajectory throughout the forecast period. Recent developments include: September 2023: Cowbell is committed to addressing cyber risk challenges on a global scale, and our expansion into the UK is a testament to this. Cowbell Prime One is tailored towards SME and mid-market customers and allows brokers to customize cyber policies for different risk exposures, such as email scams, ransomware, and social engineering., March 2023: Cyber insurance provider Coalition is set to enter the excess cyber insurance market in the United Kingdom to help protect businesses with enhanced coverage. The firm has confirmed that it will extend its reach to provide full-follow form coverage and protection of up to GBP 10 million (USD 12126000) above a primary layer of insurance from another insurer for both cyber and technology professional indemnity (PI) lines.. Key drivers for this market are: Data Privacy Regulations, Business Interruption. Potential restraints include: Complexity and Lack of Understanding, Cost of Coverage. Notable trends are: Impact of Cyber Insurance Policy Coverage.

The number and type of information security breaches affecting UK businesses in 2012. Based on a survey of 1,402 UK businesses, carried out in four separate questionnaires.

The Cyber Security Longitudinal Survey (CSLS) helps us better understand cyber security policies and processes within medium and large businesses and high-income charities. It explores the links over time between these policies and processes and the likelihood and impact of a cyber incident. The survey is commissioned by The Department of Science, Innovation and Technology as part of the National Cyber Strategy. It aims to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. This is the third research year (or wave) of a multi-year study and the data were collected over 2023.

The core objectives of the study are to:

• explore how and why UK organisations are changing their cyber security profile and how they implement, measure, and improve their cyber defences.

• provide a more in-depth picture of larger organisations, covering topics that are lightly covered in the main Cyber Security Breaches Survey (also available from the UK Data Archive), such as corporate governance, supply chain risk management, internal and external reporting, cyber strategy, and cyber insurance.

• explore the effects of actions adopted by organisations to improve their cyber security on the likelihood and impact of a cyber incident.

Further information and additional publications can be found on the GOV.UK Cyber Security Longitudinal Survey pages.

Wave 1 and 2 data from the Cyber Security Longitudinal Survey can also be found on the UK Data Archive under SNs 8969 and 9067 respectively.

This statistic displays the share of cyber security breaches that businesses have experienced in the past twelve months in the United Kingdom (UK) in 2019, by type. Among all respondents, 20 percent have had virus, spyware or malware breaches in the past 12 months, whereas 80 percent had breaches of fraudulent emails or being directed to fraudulent websites.Around half of the businesses in the United Kingdom experienced cyber security breaches or attacks in the last 12 months. In addition, the average cost of all cyber security breaches varies with respect to the company's size.

Between 2004 and 2024, internet users in the United Kingdom (UK) have seen many significant data breaches. In these incidents, users' passwords were the most frequently leaked type of data, with an overall 234.98 million passwords being leaked in the measured period. Username ranked second, followed by names.

Revenue in the Identity Theft Protection Services industry is expected to contract at a compound annual rate of 1.7% over the five years through 2024-25 to £340.5 million. However, surging cybercrime threats is boosting demand for identity protection services. Revenue is set to hike 2.2% in 2024-25, with the average profit margin reaching 5.5%. This results from the accelerated digitalisation of society, cost of living pressures that tend to boost crime, and the spreading of AI and other technologies that allow criminals to create better fishing tactics to steal peoples’ identities. Despite growing concerns about cybersecurity, the mis-sale of payment protection insurance and customer data breaches, which led to financial penalties against Equifax, have significantly weighed on revenue. In response, companies have begun offering identity protection services for free in a bid to regain customer trust and loyalty. Companies with strong brands and international recognition have moved into the UK market through M&A activity; however, the high-profile data leak of Equifax in July 2017 has proven that issues remain in internal security systems. Revenue is anticipated to grow at a compound annual rate of 2.4% over the five years through 2029-30 to reach £383.8 million. The increasing rate of technological advancement and online interactions will require better defences against cybercriminal activity, aiding demand for identity theft protection services. The growing Buy Now, Pay Later market will also drive demand, increasing the likelihood of cyberattacks. Some consolidation activity will likely occur, with companies developing new AI-based identity theft protection technologies, like AI data mining, analysis and projections, to pre-emptively eradicate possible security threats.