Malicious or criminal attacks remained the largest source of breaches, accounting for 59% of notifications, with cyber security incidents the predominant driver. On average, each such incident affected just over 10,000 individuals, indicating the potential scale of a single event in terms of notification, remediation and liability costs. Human error was responsible for 37% of all data breaches (193 notifications), up from 29% in the prior period, suggesting that process, training, and user behaviour remain core components of cyber risk. For cyber, professional indemnity, and management liability insurers, these figures inform assumptions about frequency and severity and contribute to pricing models, retention levels, and aggregate exposure management.