As of January 2025, the most significant data breach incident in the United Kingdom (UK) was the 2017-2018 Dixons Carphone breach. As a result of this incident, 14 million user records were affected, and 5.6 million payment card information was exposed. The Equifax data breach between 2011 and 2016 impacted over 15 million customers nationwide.
The government has surveyed UK businesses, charities and educational institutions to find out how they approach cyber security and gain insight into the cyber security issues they face. The research informs government policy on cyber security and how government works with industry to build a prosperous and resilient digital UK.
19 April 2023
Respondents were asked about their approach to cyber security and any breaches or attacks over the 12 months before the interview. Main survey interviews took place between October 2022 and January 2023. Qualitative follow up interviews took place in December 2022 and January 2023.
UK
The survey is part of the government’s National Cyber Strategy 2002.
There is a wide range of free government cyber security guidance and information for businesses, including details of free online training and support.
The survey was carried out by Ipsos UK. The report has been produced by Ipsos on behalf of the Department for Science, Innovation and Technology.
This release is published in accordance with the Code of Practice for Statistics (2018), as produced by the UK Statistics Authority. The UKSA has the overall objective of promoting and safeguarding the production and publication of official statistics that serve the public good. It monitors and reports on all official statistics, and promotes good practice in this area.
The document above contains a list of ministers and officials who have received privileged early access to this release. In line with best practice, the list has been kept to a minimum and those given access for briefing purposes had a maximum of 24 hours.
The Lead Analyst for this release is Emma Johns. For any queries please contact cybersurveys@dsit.gov.uk.
For media enquiries only, please contact the press office on 020 7215 1000.
As of 2024, the average data breach cost in the United Kingdom (UK) was around **** million U.S. dollars. In the measured period, 2022 registered the highest cost for breached data, more than five million U.S. dollars. The figure, thus, has increased from *** million U.S. dollars since 2020.
During the fourth quarter of 2024, data breaches exposed more than a million user data records in the United Kingdom (UK). The figure decreased significantly from nearly 41 million in the quarter prior. Overall, the time between the first quarter of 2022 and the fourth quarter of 2023, saw the lowest number of exposed user data accounts.
The government has surveyed UK businesses and charities to find out how they approach cyber security and gain insight into the cyber security issues faced by organisations. The research informs government policy on cyber security and how government works with industry to make the UK one of the most secure places to do business online.
You can read the press notice here.
Published
24 March 2021
Period covered
Respondents were asked about their approach to cyber security and any breaches or attacks over the 12 months before the interview. Main survey interviews took place between October and December 20209. Qualitative follow up interviews took place in January and February 2021.
Geographic coverage
UK
Further Information
The survey is part of the government’s National Cyber Security Strategy. Cyber security guidance and information for businesses, including details of free training and support, can be found on the National Cyber Security Centre website.
The survey was carried out by Ipsos MORI.
The UK Statistics Authority
This release is published in accordance with the https://code.statisticsauthority.gov.uk/" class="govuk-link">Code of Practice for Statistics (2018), as produced by the UK Statistics Authority. The UKSA has the overall objective of promoting and safeguarding the production and publication of official statistics that serve the public good. It monitors and reports on all official statistics, and promotes good practice in this area.
Pre-release access
The document above contains a list of ministers and officials who have received privileged early access to this release. In line with best practice, the list has been kept to a minimum and those given access for briefing purposes had a maximum of 24 hours.
Contact information
The responsible analyst for this release is Emma Johns. For any queries please contact 07990 602870 or cyber.survey@dcms.gov.uk.
For any queries relating to official statistics please contact evidence@dcms.gov.uk.
For media enquiries only (24 hours) please contact the press office on 020 7211 2210.
As of January 2024, about ** percent of organizations in the United Kingdom reported experiencing a data breach accident once a month. A further ** percent said they had encountered a data breach event less than once a month in the past 12 months. Meanwhile, ** percent said they had experienced a data breach incident once a week.
A survey conducted in the United Kingdom (UK) between September 2023 and January 2024 found that ** percent of the respondents needed to implement new measures for future attacks. A further ** percent said they added staff time to deal with the breach. Additionally, ***** percent said the incident stopped the staff from carrying out daily work.
Attribution 4.0 (CC BY 4.0)https://creativecommons.org/licenses/by/4.0/
License information was derived automatically
The U.K. ICO fined 23andMe £2.31 million for inadequate data protection, leading to a 2023 breach affecting over 6.9 million users, including 155,000 in the U.K.
The Cyber Security Breaches Survey, 2020 was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches. Its aim was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online.
The data have been collected annually since 2016 to understand the views of UK organisations on cyber security. Data is collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). The study is funded by the Cabinet Office as part of the National Cyber Security Programme.
The underlying data are useful for researchers to better understand the response across a range of organisations (rather than averages) and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds data from 2018 onwards.
Further information and additional publications can be found on the GOV.UK https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2020">Cyber Security Breaches Survey, 2020 webpage.
The annual reports of the Cyber Security Breaches Survey can be found on the Cyber Security Breaches Survey collection page.
Geographic coverage: UK.
If you would like any further information please contact statistics@dsit.gov.uk.
Date published | Ad hoc detail | Data tables |
---|---|---|
January 2024 | Cyber security practices among organisations who do/ do not adhere to Cyber Essentials |
As of February 2025, the largest fine issued for violation of the General Data Protection Regulation (GDPR) in the United Kingdom (UK) was more than 22 million euros, received by British Airways in October 2020. Another fine received by Marriott International Inc. in the same month was the second-highest in the UK and amounted to over 20 million euros.
Abstract copyright UK Data Service and data collection copyright owner.
The Cyber Security Longitudinal Survey (CSLS) helps us better understand cyber security policies and processes within medium and large businesses and high-income charities. It explores the links over time between these policies and processes and the likelihood and impact of a cyber incident. The survey is commissioned by The Department of Science, Innovation and Technology as part of the National Cyber Strategy. It aims to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. This is the third research year (or wave) of a multi-year study and the data were collected over 2023.
The core objectives of the study are to:
explore how and why UK organisations are changing their cyber security profile and how they implement, measure, and improve their cyber defences.
provide a more in-depth picture of larger organisations, covering topics that are lightly covered in the main Cyber Security Breaches Survey (also available from the UK Data Archive), such as corporate governance, supply chain risk management, internal and external reporting, cyber strategy, and cyber insurance.
explore the effects of actions adopted by organisations to improve their cyber security on the likelihood and impact of a cyber incident.
Further information and additional publications can be found on the GOV.UK Cyber Security Longitudinal Survey pages.
Wave 1 and 2 data from the Cyber Security Longitudinal Survey can also be found on the UK Data Archive under SNs 8969 and 9067 respectively.
The questionnaire covered the following topic areas:
This statistic displays the share of businesses that have had cyber security braches or attacks in the United Kingdom (UK) in 2019. Among all respondents, ** percent had breaches in the past 12 months. With respect to business size, ** percent of small firms experienced cyber security breaches in the past 12 months.Concerning the size of businesses, micro businesses had *** to **** employees, small businesses had ** to ** employees, medium businesses had ** to *** employees and large businesses had *** employees or more. On the other hand, there were many types of cyber security breaches experienced by businesses in the past 12 months such as malware.
https://www.marketreportanalytics.com/privacy-policyhttps://www.marketreportanalytics.com/privacy-policy
The United Kingdom data center physical security market is experiencing robust growth, projected to reach £89.48 million in 2025 and maintain a Compound Annual Growth Rate (CAGR) of 15.10% from 2025 to 2033. This expansion is driven by several key factors. The increasing adoption of cloud computing and the subsequent rise in data center infrastructure necessitates heightened security measures. Furthermore, growing concerns surrounding data breaches and cyber threats are prompting organizations across various sectors – including IT & Telecommunications, BFSI (Banking, Financial Services, and Insurance), Government, and Healthcare – to invest heavily in advanced physical security solutions. The market is segmented by solution type (video surveillance, access control, and others), service type (consulting, professional services, and system integration), and end-user industry. The demand for sophisticated integrated security systems, combining video analytics, biometric access control, and perimeter security, is a significant trend shaping the market. Competitive pressures among established players like Axis Communications, Bosch, and Honeywell, along with emerging technology providers, are fostering innovation and driving down costs, making these solutions more accessible to a wider range of organizations. The market's sustained growth is also fueled by government regulations promoting cybersecurity and data protection. However, challenges remain. The high initial investment costs associated with implementing comprehensive security systems can be a restraint for smaller organizations. Furthermore, the complexity of integrating various security systems and managing their upkeep might pose operational hurdles. Despite these challenges, the overall outlook for the UK data center physical security market remains positive, with strong growth expected throughout the forecast period (2025-2033). The market's trajectory suggests a significant opportunity for vendors offering innovative, scalable, and cost-effective solutions tailored to the specific needs of data center operators. Recent developments include: February 2024: In the latest release of the Axis operating system, AXIS OS and Axis Communications AB, it was announced that more than 200 network devices, including cameras, intercoms, and 11.8 audio speakers, are supported by the IEEE MAC 802.1sec security standard. Demonstrating the company's continued commitment to device and data security, Axis has become the first manufacturer of physical safety products supporting MACsec Media Access Control Security., October 2023: Zwipe partnered with Schneider Electric’s Security Solutions Group. The French-based multinational Schneider Electric plans to introduce the Zwipe Access fingerprint-scanning smart card to its clientele. This card will be integrated with Schneider Electric’s Continuum and Security Expert platforms, serving a client base from sectors, including airports, transportation, healthcare, and data centers.. Key drivers for this market are: Increasing Demand of Clolud Computing Capabilities Drives the Market Growth, Increase Security Concerns in the Market Drives the Market Growth. Potential restraints include: Increasing Demand of Clolud Computing Capabilities Drives the Market Growth, Increase Security Concerns in the Market Drives the Market Growth. Notable trends are: Video Surveillance is Anticipated to be the Largest Segment.
Abstract copyright UK Data Service and data collection copyright owner.
The Cyber Security Breaches Survey, 2022 (CSBS) was run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches. The aim of the survey was to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online. Details of changes for the 2022 survey can be found in the Technical Annex documentation.
These surveys have been conducted annually since 2016 to understand the views of UK organisations on cyber security. Data are collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). The study is funded by the DCMS as part of the National Cyber Security Programme.
The underlying data are useful for researchers to better understand the response across a range of organisations and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds data from 2018 onwards.
Further information and additional publications can be found on the GOV.UK Cyber Security Breaches Survey, 2022 webpage.
Views, experiences and behaviours of organisations (UK businesses and charities) on cyber security and cyber security breaches.
A survey conducted in the United Kingdom (UK) from September 2023 to January 2024 found that around 13 percent of businesses that had identified a data breach incident or a cyberattack in the preceding 12 months had seen at least one outcome after the incident. The most common were the situations where the website or online services were taken down or made slower and the temporary loss of access to files or networks.
The Cyber Security Breaches Survey, (CSBS) is run to understand organisations' approaches and attitudes to cyber security, and to understand their experience of cyber security breaches.. The aim of the survey is to support the Government by providing evidence that can inform policies which help to make Britain a safer place to do business online.
These surveys have been conducted annually since 2016 to understand the views of UK organisations on cyber security. Data are collected on topics including online use; attitudes of organisations to cyber security and awareness of Government initiatives; approaches to cyber security (including investment and processes); incidences and impact of a cyber security breach or attack; and how breaches are dealt with by the organisation. This information helps to inform Government policy towards organisations, including how best to target key messages to businesses and charities so that they are cyber secure (and so that the UK is the safest place in the world to do business online). The study is funded by the DCMS as part of the government's £2.6 billion National Cyber Strategy 2022 to protect and promote the UK in cyber space.
The underlying data are useful for researchers to better understand the response across a range of organisations and for wider comparability over time. The survey originally only covered businesses but was expanded to include charities from the 2018 survey onwards. From 2020, the survey includes a sample of education institutions (primary and secondary schools, further and higher education). Please note that the UK Data Service only holds datasets on each specific year from 2018 onwards.
Cyber Security Breaches Survey: Combined Dataset, 2016-2022 includes data from 2016 to 2022. This is cross-sectional data only and not all variables are included in all years. For longitudinal data, please access the Cyber Security Longitudinal Survey: Wave 1, 2021 (available from the UK Data Archive under SN 8969) and onwards.
Further information and additional publications can be found on the GOV.UK Cyber Security Breaches Survey webpage.
This is because it would breach the first data protection principle as: a) it is not fair to disclose claimant personal details to the world and is likely to cause damage or distress. b) these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the claimant. Please click the below web link to see the exemption in full. https://www.legislation.gov.uk/ukpga/2000/36/section/40 Breach of Patient confidentiality Please note that the identification of claimants is also a breach of the common law duty of confidence. A claimant who has been identified could make a claim against the NHSBSA or yourself for the disclosure of the confidential information. The information requested is therefore being withheld as it falls under the exemption in section 41(1) ‘Information provided in confidence’ of the Freedom of Information Act. Please click the below web link to see the exemption in full.
https://www.mordorintelligence.com/privacy-policyhttps://www.mordorintelligence.com/privacy-policy
The UK Data Center Physical Security Market report segments the industry into By Solution Type (Video Surveillance, Access Control Solutions, Others (Mantraps, Fences, and Monitoring Solutions)), By Service Type (Consulting Services, Professional Services, Other Service Types (System Integration Services)), and End User (IT & Telecommunication, BFSI, Government, Healthcare, Other End Users).
As of January 2025, the most significant data privacy violation fine worldwide was for social media giant Meta. In May 2023, the Data Protection Commission (DPC) of Ireland decided to fine the company with 1.2 billion euros or 1.3 billion U.S. dollars. The Chinese vehicle-for rent company Didi Global ranked second. In July 2022, China's data privacy regulator fined the company 8.026 billion Chinese yuan, or 1.19 billion U.S. dollars. The 2021 Amazon fine issued by Luxembourg's data privacy regulation authorities was 877 million U.S. dollars and was the third-biggest data breach fine as of the measured month. The 2019 fine of 575 million U.S. dollars to Equifax followed. In this incident, because of unpatched vulnerabilities, nearly 150 million people were affected, which caused the American consumer credit reporting agency to pay at least 575 million U.S. dollars.
As of January 2025, the most significant data breach incident in the United Kingdom (UK) was the 2017-2018 Dixons Carphone breach. As a result of this incident, 14 million user records were affected, and 5.6 million payment card information was exposed. The Equifax data breach between 2011 and 2016 impacted over 15 million customers nationwide.