British Companies Rank Third in Client Data Leaks, Study Finds

Over 600 British firms experienced data breaches exposing consumer data
Businesses in the United Kingdom (UK) have leaked consumers’ data more than most other countries, reveals the latest research by NordPass. Since late 2019, over 600 companies in the UK have suffered data breaches during which various consumer data (e.g., email addresses, passwords, and usernames) was leaked. This number makes up 6% of all such incidents worldwide.

To conduct this study, NordPass partnered with independent third-party researchers who investigated which companies in the UK and other countries in terms of their industry, size, and type (i.e., private, non-profit) are failing to secure consumers’ data the most.

Countries With The Most Consumer Data Leaks

Of around 10,000 companies worldwide that are responsible for exposing clients’ data to hackers, 6% are based in the UK. In total, they have generated over $4 billion in revenue and had around 120.000 employees.

Globally, US companies experienced the most cyber incidents, which led to consumers’ data leaks, with almost 2,300 companies affected. India ranks second with almost 750 organisations. Among the countries in the European Union (EU), Germany and France have experienced most cyber incidents, which led to customers’ data leaks.

“In a constantly challenged cyber environment, businesses no longer have the luxury to store consumer data in plain text on Excel or otherwise neglect basic cybersecurity practices. To avoid financial and reputational risks, companies should consider it their personal duty to ensure clients’ data is secured against online threats, even if the legislation is not there yet,” says Tomas Smalakys, the CTO of NordPass.

Industries Of Concern

Researchers found that entertainment companies in the UK are the worst in ensuring clients’ data. Retail, business services, and technology companies are also not much better, with these industries having experienced similarly many cybersecurity incidents and revealing clients’ data as a result.

Firms operating in transportation, consumer services, and finance fields are also responsible for a significant portion of consumers’ data leaks in the UK.


Private Companies Are The Number One Target

In terms of organiaation’s type, private businesses in the UK were of most interest to hackers. Based on the study, they make up over half of organisations that had their clients’ data stolen. Less so, cybercriminals have also targeted public companies (6%), non-profits (5%), and other types of organisations.

Researchers have also concluded that smaller companies are more likely to experience a data breach and lose clients’ data as a result. In the UK, companies with up to 50 employees had their clients’ data compromised the most.

How To Secure Clients’ Data

Despite intensifying cyber risks, many businesses, especially smaller ones, lack awareness on why they should and how they should secure clients’ data.

Setting up a cyber resilience plan and organising employee training could be a good start, says Smalakys. Additionally, companies should consider network security solutions, such as business VPNs, that restrict unauthorised access to computing systems. They have proved to be an effective solution against malware and other malicious attacks.

Password management is another field to improve, says Smalakys. While many cybersecurity incidents happen simply due to compromised credentials, even the world’s biggest companies do not abandon poor password management practices, reveals an earlier study by NordPass. Up to 32% of their passwords contain a direct reference to the company, which is a gift to hackers.

To address this issue, Smalakys recommends adopting password managers, which allow people within the organisation to store, manage, and share passkeys in an end-to-end encrypted space. In addition, companies can try out passkeys, the new alternative method of online authentication, currently considered the most secure alternative to passwords. Progressive companies, such as Google, Microsoft, Apple, PayPal, and KAYAK, already allow account access with passkeys.