Reports of employee data breaches to the UK Information Commissioner's Office reached 3,872 in 2025, a 5% increase year-over-year and nearly 29% higher than when recording began in 2019, Infosecurity Magazine reports.

While cyber-related breaches fell 6%, non-cyber incidents jumped 15% to 2,304, according to findings from law firm Nockolds. Nockolds principal associate Joanna Sutton attributed the shift to hybrid working, noting that devices and documents moving between homes and offices create vulnerabilities that cyber tools alone cannot fix. 

Sensitive HR documents, payroll records, medical information, and identity documents are now routinely handled outside controlled office environments. Common non-cyber incidents include lost laptops, paperwork left on trains, misdirected emails, and improperly disposed printed documents. 

Sutton warned that even accidental breaches can expose employers to claims if staff have suffered stress or anxiety. She emphasized that effective data protection requires aligning HR policies and employee training with the realities of hybrid work, as organizations have strengthened digital defenses but neglected physical and procedural safeguards.