Data protection watchdog warns of growing threat of cyber attacks

  • Data Protection

Peninsula Team, Peninsula Team

(Last updated )

According to a new report published by the Information Commissioner's Office (ICO), more organisations than ever are experiencing cyber security breaches that put people’s personal information at risk.

The Learning from the Mistakes of Others report has practical advice to help organisations to understand common security failures and take simple steps to improve their own security, preventing future data breaches before they can happen.

It analyses the data breach reports it has received and shares lessons that can be learnt from common security mistakes.

Over 3000 cyber breaches were reported to the ICO in 2023, with the finance (22%), retail (18%) and education (11%) sectors reporting the most incidents. In one example, a simple phishing email to a construction company compromised the personal information of over 100,000 people.

What should I do to prepare for any subject access requests that I might receive?

Get instant, expert answers to your HR questions...

Ask Brainbox
0800 158 2313Speak to an expert 24/7

The ICO’s Deputy Commissioner — Regulatory Supervision, Stephen Bonner, said: “People need to feel confident that organisations are doing as much as they possibly can to keep their personal information secure. While cyber attacks are growing more sophisticated, we find that many organisations are not responding accordingly and are still neglecting the very foundations of cyber security.”

The report focuses on:

•           phishing — where scam messages trick the user and persuade people to share passwords or accidentally download malware

•           brute force attacks — where criminals use trial and error to guess username and password combinations, or encryption keys

•           denial of service — where criminals aim to stop the normal functioning of a website or computer network by overloading it

•           errors — where security settings are misconfigured, including being poorly implemented, not maintained and/or left on default settings

•           supply chain attacks — where products, services or technology being used are compromised and then used to infiltrate the systems.

Visit BrAInbox today where you can find answers to questions like Do I need to do anything before I start monitoring staff?

Related articles

  • Employment tribunal service

    Blog

    Employment Rights Bill returns to the House of Commons

    Parliament’s summer recess has now come to an end and the Employment Rights Bill is now returns to the House of Commons following the House of Lords passing its third reading.

    Peninsula Logo
    Peninsula TeamPeninsula Team
    • Employment Rights Bill
  • Peninsula Group Limited - An employer exploring a data breach

    Blog

    ICO launches consultations on data protection reforms

    The Information Commissioner’s Office (ICO) has launched two new consultations on changes to data protection laws that are set to be introduced under the Data (Use and Access) Act 2025 (the Act), which received Royal Assent on 19 June 2025.

    Peninsula Logo
    Peninsula Team Peninsula Team
    • Corporate Governance
  • Someone paying for something online with a card

    Blog

    Care home manager jailed in £55k fraud

    A woman in charge of vulnerable people’s finances has been jailed after abusing her position to steal more than £55,000 directly from residents’ bank accountsr-old Contractor was crushed to death while working at Tata steel’s Port Talbot steelworks. The fatal incident led to a prosecution, and in July 2025, the company was fined £1.5 million following an HSE investigation that uncovered serious safety failings.

    Peninsula Logo
    Peninsula Team Peninsula Team
    • Business Management

Try Brainbox for free today

When AI meets 40 years of Peninsula expertise... you get instant, expert answers to your HR and health & safety questions

Ask a question now
0800 158 2313Speak to an expert 24/7