Predicted Trends in Data Breaches 2024: How Will the Landscape of Data Breaches Change in the Coming Year?
Christine Sabino, Legal Director at Hayes Connor, explores challenges, trends and predictions surrounding data breaches in 2024.
Preventing data breaches involves implementing a combination of technical, organisational, and procedural measures. In 2023, the biggest cause of data breaches has been human error; what we feel is a direct result of lack of employee training in handling data, and education surrounding the consequences of what may appear to be a small breach.
Despite efforts from businesses and individuals to combat data breaches, much is still yet to improve. As experts in the field, we wanted to provide insights into how we predict the landscape of data breaches will change in 2024, from the cost of data breaches, to how AI will play in part in preventing and possibly causing them.
With this in mind, what can we expect to see change in 2024? Our predictions include:
- Mandatory Updates to Business GDPR Training
- Cost of Data Breaches to Increase
- Changes to ICO legalisation in 2024
- Local Government, Education and Healthcare Sectors at the Forefront of Data Breaches in 2024
- Increase in Cyber Hacking
- The Increased Use of AI in Processing Data Breach Law
- Increased Use of AI to Prevent Data Breaches Among Organisations
- AI Causing Data Breaches in 2024
Let’s delve in…
2024 Data Breach Predictions
Mandatory Updates to Business GDPR Training
Studies show that 88% of data breaches are caused by staff error. This reveals a shocking lack of education across the board; a problem which is very much the responsibility of the employer.
As it stands, many employers will incorporate full cohort GDPR training as a box-ticking exercise. Some may even be providing comprehensive training as part of their induction process for new starters. Whilst it’s recommended this training is done annually – or biannually at a minimum - to keep up with changes in law and refresh staff, this is not happening.
In response to this on-going issue, and the huge number of data breaches occurring monthly, we predict mandatory GDPR training will become a requirement for businesses over a certain number of employees, if not in 2024 then soon, to reduce the eventuality of human error data breaches.
This will have to be implemented by changes in government legislation or ICO recommendations. Alternatively, perhaps business insurance cover may require more evidence of training taking place to cover the cost of damages that occur from a data breach.
Cost of Data Breaches to Companies to Increase
As of 2023, the UK Government approximates that, on average, each business—regardless of size—experiences a significant breach leading to a loss of approximately £1,100. To delve deeper into these figures, the estimated cost of the most severe breaches for charities is around £530, while medium and large businesses incur losses of about £4,960.
Over the past 12 months, an estimated 2.39 million cybercrime incidents have impacted businesses in the UK. These incidents have contributed to an 8.1% increase in the average cost of a data breach within the country, resulting in a cumulative expense of £4.56 million. Notably, this surge in costs is reflected in the recording of around 49,000 fraudulent incidents across all UK businesses attributable to cybercrime.
Predicting the future trajectory, it is reasonable to anticipate a continued upward trend in the cost of data breaches. Factors such as the evolving sophistication of cyber threats, increased regulatory scrutiny, and the expanding scope of business’ digital presence suggests that the financial repercussions of data breaches are likely to escalate.
As the cyber landscape advances, organisations will likely need to improve their cybersecurity measures, contributing to a further rise in the overall cost of addressing and preventing data breaches.
Apart from the financial implications, there are non-monetary losses that businesses may face. The erosion of trust from customers and business partners could have a more significant impact on UK businesses in 2024, especially considering the rising expectations for enhanced data protection practices.
Changes to ICO legalisation 2024
Based on the ICO’s priorities for 2023/24, in the coming year we expect to see a crackdown on legalisation surrounding sectors that involve safeguarding children’s data. The ICO’s priorities include:
- The use of AI in recruitment
- Child protection
- Extraction of mobile data – compliance in criminal cases
- Conducting privacy and electronic communications regulations audits
- Financial services – examining data on a range of financial technologies
Given the focus on child protection and the recent passage of the Online Safety Bill this year, we anticipate additional legislation in the future aimed at sectors that handle children’s data regularly, including local authorities, social services, education, police, and health.
New legislation may involve heightened emphasis on training for GDPR practices, increased intervention measures, and the potential for more stringent fines.
Local Government, Education and Healthcare Sectors at the Forefront of Data Breaches in 2024
In 2022, our comprehensive report on data breach trends, as documented by the ICO, highlighted a concerning picture. Despite notable data breaches within law enforcement, it is apparent that the healthcare sector remains one of the most severely affected by data breaches as of October 2023.
In the previous year, 15% of data breaches exposed economic and financial data. With the increasing sophistication of hacking techniques and lack of employee education, it is anticipated that this percentage will rise in 2024.
The repercussions of a data breach have been vividly demonstrated in 2023, notably with the Arnold Clark incident affecting thousands and the PSNI breach in Northern Ireland, where the consequences reached a point of posing life-threatening risks.
Our ongoing concerns centre around three specific sectors: education, local government, and healthcare. We predict these sectors will be at the forefront of data breaches in 2024, despite efforts from the ICO to tighten security. These sectors handle the data of the most vulnerable members of society, and a data breach could have profound financial and emotional implications.
Increase in Cyber Hacking
In 2023, we saw a string of attacks on organisations, including various police forces in the UK. High profile hacks, such as the PSNI data breach, shows that even organisations we expect to have a high level of security can be hacked.
As a result, we predict an increase in further cyber hacking in organisations that hold a lot of sensitive information. This could involve healthcare sectors, education, and governments.
The Increased Use of AI in Processing Data Breach Law
For the legal profession itself, Artificial Intelligence (AI) represents both a threat and an opportunity. From automating mundane tasks to generating novel solutions, AI technology and predictive text are empowering legal professionals across various industries to achieve more with less.
In November 2022, we saw the launch of popular AI chatbot, ChatGPT. Since then, several more AI chatbots, including Bard, Bing Chat, and others, have proven popular across many sectors.
The increased use of AI in the legal sector will help with many tasks, including:
Incident Response
AI can streamline incident response processes by automating certain tasks, such as analysing the scope of a breach, identifying affected systems, and recommending appropriate remediation actions. This can significantly reduce the time it takes to contain and mitigate the impact of a data breach.
Legal Compliance
AI can assist organisations in staying compliant with data protection regulations by continuously monitoring and updating policies based on evolving legal requirements. It can automate the process of assessing data processing activities against relevant laws and regulations.
Contract Review and Analysis
AI-powered contract review tools can quickly analyse and identify potential risks in contracts, ensuring that third-party vendors and partners comply with data protection requirements. This is particularly important in the context of data breach laws, where contractual obligations play a significant role.
Legal Research
AI-powered tools can assist legal professionals in staying informed about the latest developments in data breach laws. They can quickly analyse and summarise legal documents, helping legal teams navigate complex regulatory landscapes.
Increased Use of AI to Prevent Data Breaches Among Organisations
Already this year, there have been various local governments audited, alongside charities and education organisations. Perhaps we will see the use of AI here again, which can help organisations prevent cyber hacking through predictive analytics.
Predictive analytics can help identify potential vulnerabilities and weak points in an organisation's cybersecurity infrastructure. By anticipating potential threats, organisations can proactively address these issues before they lead to a data breach.
However, this will rely on modernising organisations that are typically ‘set in their ways’ when it comes to data handling. Even so, it is clear these changes are needed going into 2024.
AI Causing Data Breaches in 2024
We have previously discussed concerns regarding the use of AI within business, concerns which we predict will grow in 2024, what with many sectors incorporating the use of AI to automate documentation and expedite processes.
Though AI tools can help organisations manage data, many are worried about sensitive data being entered into the chatbots to begin with. More specifically, if a lawyer were to input confidential client information into a chatbot to summarise or organise it, would this information be regurgitated later down the line? After all, the Large Language Models are supposedly capable of digesting information and educating themselves over time.
What Impact Do Data Breaches Have on Individuals and Businesses in 2024?
Data breaches can have a significant impact on both businesses and individuals. For businesses, the consequences can include financial losses, damage to reputation, and legal ramifications.
The costs associated with addressing a data breach, such as investigating the incident, implementing security measures, and compensating affected parties, can be substantial. Moreover, customers may lose trust in the company, leading to a decline in sales and long-term damage to brand image.
On the individual level, people may experience various negative effects after a data breach. Their personal information, such as names, addresses, and financial details, could be exposed, leading to identity theft, financial fraud, or other malicious activities.
The emotional toll of having one's privacy violated can also be significant. Additionally, individuals may need to invest time and effort in resolving issues related to the breach, such as updating passwords, monitoring accounts for suspicious activity, and dealing with the aftermath of any identity theft.
In short, data breaches create a ripple effect, impacting both the business entities and the individuals whose information has been compromised. It underscores the importance for robust cybersecurity measures and vigilant protection of sensitive data.
Have You Been Affected by a Data Breach in 2023?
Even if victims of a data breach don't directly face financial losses, discovering that your information has ended up in the wrong hands can be an incredibly stressful situation.
Organisations are legally required to safeguard your data, and failing to meet this obligation can have severe consequences. Those affected may have the opportunity to seek compensation.
At Hayes Connor, our specialised solicitors have extensive experience in handling data breach claims. We offer clear support and guidance on the steps to take if your data has been compromised.
We take the time to understand the details of your case, its impact on your life, and the potential compensation you may be entitled to.
For more information on our expertise in handling data breaches and the claims process, please see here
To initiate a data breach claim, you can use our online claim form.