What is a data breach?

A data breach is a violation of a business’ security systems, which leads to the loss, destruction, release, or modification of stored data. Breaches can be accidental or intentional – either way, they are classed as security incidents and can be harmful to businesses and individuals.

What defines a data breach?

Data breaches can take many forms, whether accidental or intentional. The Information Commissioner’s Office (ICO) (external link) outlines some potential scenarios[1]

  • An employee accidentally sending personal data to the wrong person 
  • An external party unlawfully accessing company data
  • The theft or loss of an employee’s laptop that contained company or personal data 
  • A data controller losing, destroying, or altering data without permission (either accidentally or intentionally).

How do data breaches happen?

There are several ways for a data breach to occur, both intentional and unintentional.

Cyber crime

Cyber criminals are often behind data breaches, and can exploit weaknesses in IT security systems. For example, through:

  • Hacking – according to a 2022 Verizon report (external link)[2], this was the top culprit for data breaches. Hacking is used to first gain access to a system before deploying software such as malware, most commonly using stolen details or coding.
  • Malware – criminal software, such as RAM scrapers, specifically designed to leak, alter, or destroy sensitive data. Increasingly, cyber criminals are viewing, copying and/or exporting data for use in ransomware attacks. Malware can even gain access to keyboards to steal users’ passwords. Learn more about malware attacks
  • Social engineering – social engineering is when hackers ‘pretend’ to be someone they’re not (for example, a supplier, customer or vendor) to gain access to sensitive data. Common social engineering scams include phishing emails and financial pretexting.

Employee accidents

Although accidents involving the loss or technical leaking of sensitive data are unfortunate, they are still classed as data breaches. One example is an employee sending an email with a document attachment full of personal data to the wrong external person or company – this is also known as an ‘accidental insider’.

This accidental data exchange can also happen in person too, for example, if someone leaves sensitive documents out on their desk or leaves documents on a train or Tube.

Unauthorised employee use

Employees at all levels hold responsibility when it comes to data protection. They’re often given access to sensitive information regarding clients, co-workers, and the company, and this information can be mishandled and/or leaked.

Data mishandling at the fault of an employee can happen if policy regulations are ignored or not read properly, or if employees simply access, share, delete, or alter data without permission.
Employees may mishandle data for malicious or criminal purposes – for example, to benefit a competitor – or because of a simple lack of cyber security knowledge.

Lost or stolen devices

If employees work from home or move their equipment between locations, their devices can be lost or stolen. It’s likely that laptops and work phones, for example, contain sensitive data, which is at risk of being breached if falling into the wrong hands. The risk is even higher if employees have not encrypted these devices with passwords or Two-Factor Authentication (2FA).

Learn more about cyber security risks for a small business.

What is the most common data breach?

According to the IBM Cost of a Data Breach Report 2021 (external link)[3], the most common form of a data breach is leaked or stolen credentials, such as passwords. Predictable passwords such as ‘1234’ or ‘Password1234’, for example, are extremely easy for hackers to guess and use to gain access to systems.

People who use the same password for multiple platforms are also at a higher risk, as are those who write down passwords or store them in an unprotected document.

What are the potential consequences of a data breach?

If a data breach is not contained fast, it may lead to problems for a person or organisation, as well as the parties whose data has been exposed. The ICO says the UK GDPR (external link) is focused on how a breach can have ‘negative consequences for individuals’ with potential ‘emotional distress’ and ‘physical and material damage’. Someone whose data has been compromised in a breach could fall victim to: 

  • Fraud
  • Identify theft
  • Monetary theft
  • Reputational damage
  • Discrimination[4].

For businesses, a data breach could lead to financial loss and inconvenience. But if customers’ or employees’ personal data is stolen by criminals and used for malicious purposes, then your business may also face reputational damage and fines – especially if you don’t handle the events properly.

How do you handle a data breach?

Although data breaches can appear to come out of nowhere, there are steps you can take to protect yourself. Our annual Cyber Readiness Report details key information from businesses facing the threat of data breaches and other cyber attacks. Below we summarise guidance from the National Cyber Security Centre (NCSC) (external link)[5] into how to respond to a data breach at your business. 

Create an Incident Response (IR) plan

This plan should be your go-to if and when a data breach happens. It can include:

  • A step-by-step or flowchart action plan
  • A checklist of actions to complete
  • Contacts to help investigate and mitigate the impact of the breach
  • Guidance on processes for making relevant and important decisions, including when to report cyber breaches.

Put together a Cyber Security Incident Response Team (CSIRT)

This group of people will be the go-to if a data breach happens. It is usually made up of employees working in IT, HR, and Legal teams. It is a good idea for the contact information for your CSIRT to be in your response plan. 

Create a network diagram

You should compile as much information about all network access points that exist within your business as you can. This includes:

  • All servers, including their locations
  • IP addresses/VLANs
  • Gateways
  • File servers and internal data platforms

This can greatly reduce the time it takes to investigate a breach and take action. 

Ensure you have an evidence log

Your cyber breach evidence log should include all relevant forms of stored and communication data. For example:

  • Emails
  • Logins
  • System activity
  • Proxy server activity
  • Databases

You might take steps here to ensure the storage and usage of this data follows GDPR law – if it doesn’t, your log could initiate a subsequent data breach.

Triage, analyse, contain

Once a data breach happens, going through these three steps could help to mitigate the damage of an incident.

  1. Triage the incident – this allows you to understand just how severe the data breach is and, in turn, how you should react. 
  2. Analyse the conditions – try to find enough information to understand how the breach happened – what, or who, was the source? Was it accidental or intentional?
  3. Contain the breach – use the information you’ve gathered from your analysis to take action against the potential damage of this incident, and to prevent repeats.

Explore more incident management tips from the NCSC (external link)

Protecting against a data breach

Besides putting together a concrete action plan, there are other ways to protect your business from a potentially harmful data breach.

You may now wish to be proactive with your data security – and there are some straightforward steps to take to protect against a data breach.

This includes installing:

  • Firewalls
  • Antivirus software
  • Encryption software
  • MFA (Multi-Factor Authentication)

Plus, you can:

  • Use a VPN (Virtual Private Network)
  • Strengthen password requirements
  • Ensure mobile devices are secure
  • Implement cyber security training for employees
  • Regularly carry out updates and back up data.

Hiscox cyber insurance is another option that can help to financially support you in the face of a cyber incident.

With fast-acting funding to equip you with the tools you need to tackle malware and hackers, cyber insurance is built to support modern businesses.



[1] - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/#whatisa

[2] - https://www.verizon.com/business/en-gb/resources/reports/dbir/

[3] - https://www.ibm.com/uk-en/security/data-breach

[4] - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/

[5] - https://www.ncsc.gov.uk/collection/incident-management


Our FAQ pages provide general information and background around the topic covered. FAQ pages are reviewed and monitored periodically by our insurance experts. But the content is not intended to be read as advice and any material is for general information purposes only. If you would like advice for any content, please seek professional assistance.