A new study has revealed that 69% of UK businesses have self-reported cybersecurity breaches to the Information Commissioner’s Office (ICO) in the past year, marking a significant increase from 53% in 2024. According to the research by Apricorn, 46% of remote or mobile workers knowingly compromised data security, highlighting ongoing challenges in managing data protection in hybrid work settings.
The survey, which included responses from 200 IT security decision-makers across the UK, indicates a shift towards proactive breach management, with only 8% of businesses being reported by third parties, down from 14% the previous year. However, concerns about endpoint management persist, as 61% of organisations express doubts about their mobile workforce’s potential to cause future breaches. Phishing remains the top cause of data breaches, cited by 37% of IT decision-makers, followed by employee mistakes at 33%, underscoring the vulnerability posed by human behaviour.
Employee-owned devices on the rise amid endpoint security concerns
Despite 99% of organisations having remote work security policies, 58% believe employees lack the necessary technology or skills to secure data effectively. The reliance on employee-owned devices has increased, with 56% of organisations allowing personal device use for accessing corporate systems, a 9% rise from last year. Only 19% of respondents require company-provisioned equipment, up slightly from 15% in 2024, reflecting a cautious shift towards better endpoint control.
“Too many organisations are relying on assumptions that policies are followed, that devices are secure, that staff know what to do, but if organisations want to reduce breach risk, they must give staff the right tools to do the right thing,” said Apricorn EMEA managing director Jon Fielding. “Self-reporting breaches is a positive step, but if organisations want to reduce how often they’re doing it, they must bridge the gap between written policy and operational readiness. This includes clear provisioning of secure tools like hardware-encrypted drives, restricting data movement to known systems, and prioritising the secure handling of data at every endpoint.”
Technical and operational issues remain a concern, with 37% of organisations uncertain about data security and visibility. Additionally, 16% report inadequate technology support for secure remote working, and 11% lack clarity on which datasets require encryption. The complexity of managing remote technologies is growing, with 47% of organisations finding it increasingly difficult to manage the technology needs of remote workers. Furthermore, 35% report that remote working complicates GDPR compliance, possibly due to issues related to cyber sovereignty and data localisation.
Read more: Cyber breaches fall to 43% of UK businesses, but cybercrime remains high
