Why HR must be central to incident response
New analysis of ICO data by Reward Gateway | Edenred reveals the UK sectors most likely to self-report data breaches under GDPR legislation, alongside seasonal reporting trends, and highlights why HR must play a central role in how organisations respond.
Between 2023 and the first quarter of 2025, nearly 22,000 self-reported data breaches were submitted to the Information Commissioner’s Office (ICO). These breaches range from misdirected emails and lost laptops to cyberattacks exposing customer records or employees sharing sensitive data inappropriately.
Sectors under pressure
The analysis shows that breaches are most prevalent in industries managing large volumes of sensitive personal data. The health sector reported the highest number of incidents (3,820), followed by education and childcare (3,246), retail and manufacturing (2,385) and finance, insurance and credit (2,175).
Seasonal patterns also emerged. The final quarter of both 2023 and 2024 saw the most breaches (5,726 in total), with November alone accounting for over 2,000 reports.
The hidden impact on employees
Under UK GDPR, organisations must report breaches to the ICO within 72 hours if they pose a risk to individuals’ rights and freedoms, and in some cases notify affected individuals directly. While much of the focus is rightly on compliance and protecting customers, the internal toll on employees is often overlooked.
Chris Britton, People Experience Director at Reward Gateway | Edenred, explained:
“A data breach can have far-reaching consequences for organisations and it is right they place emphasis on meeting legal requirements and customer needs in the aftermath. But often the impact on the workforce is overlooked, which could delay and damage both short- and long-term recovery.
Being under investigation by the ICO can create paranoia, stress and uncertainty. Employees may feel guilt even if they followed protocols, while restricted systems and disrupted ways of working add to frustration. The result is a significant impact on wellbeing, productivity and morale.”
The HR role in incident response
Britton outlined five ways HR can reduce disruption, protect wellbeing and strengthen organisational resilience:
Prioritise wellbeing year-round. Burnout and stress are leading causes of human error, which accounts for most data breaches. A healthy, engaged workforce is the first line of defence.
Encourage work-life balance. Discouraging excessive working hours helps reduce stress and supports focus on daily priorities, including data security.
Build loyalty through investment. Offering competitive pay, training and career opportunities builds engagement and loyalty, motivating employees to safeguard the organisation.
Involve HR in incident planning. Breaches are not just an IT or compliance issue. HR must play a role in reassuring, informing and supporting employees during response efforts.
Provide real-time training. Ongoing education ensures staff can recognise evolving threats, boosting both cybersecurity and employee confidence.
A shared responsibility
The data underscores the growing frequency of breaches, but also highlights the human factor at their core. For organisations, effective breach response must go beyond technical fixes. Embedding HR as a key stakeholder is essential to protecting not only data, but also the people who manage it.