The legal sector came 6th place for data breaches in 2023, uncovering persistent compliance issues in the sector. Data breach expert says staff training in basic data handling practices should be prioritised.
Since 2019, the ICO has been tracking reported data breaches. Taking a deep dive into the data, leading UK data breach solicitors, Hayes Connor, highlights which sectors experienced the most data breaches last year and beyond.
Overall, the top 10 offenders, and the percentage of total incidents each sector was responsible for in the last year, were as follows:
- Health: 17.42%
- Education and childcare: 14.44%
- Finance, insurance and credit: 10.93%
- Local government: 9.90%
- Retail and manufacture: 9.76%
- Legal: 7.31%
- Charitable and voluntary: 6.63%
- Land or property services: 4.31%
- Transport and leisure: 3.58%
- Online Technology and Telecoms: 2.92%
Within the legal sector, basic personal identifiable information was breached 85.80% of the time, with economic and financial data also significantly compromised. 80 of the legal sector breaches last year involved children’s data, a concerning revelation considering the sensitivity of such information.
Our analysis points to data emailed to wrong recipient and phishing as the top two reasons for a breach in this industry, highlighting critical areas for immediate action in data handling training.
Additionally, our findings expose a troubling trend; 40.99% of legal sector breaches were reported past the 72-hour deadline mandated by GDPR, risking substantial fines.
Richard Forrest, Legal Director at Hayes Connor, says,
“Despite regulatory advancements, and the introduction of stricter compliance mechanisms, the rate of data breaches remains a serious concern. The recent ICO trends portray a continuous need for vigilance and updated compliance strategies from businesses, especially in how they manage and protect personal data against emerging cyber threats and human error.”
