Recorded data breaches across 78 of England’s largest local councils rose 53% over five years, according to research by password management company Passpack. Referrals to the Information Commissioner’s Office (ICO) for the most serious incidents increased 41% over the same period.

The study drew on Freedom of Information responses from 78 of 100 councils contacted, covering 2021 to 2025. In the most recent reporting year supplied by each authority, the councils logged 16,902 incidents on internal breach registers and made 305 referrals to the ICO.

The figures cover a wide range of incidents, from emails sent to the wrong recipient to breaches serious enough to require notification to the regulator. Under UK GDPR, organisations must report a breach to the ICO within 72 hours if it is likely to pose a risk to individuals’ rights and freedoms.

Across the dataset, the ratio of internal incidents to ICO referrals was about 50 to one. This suggests most logged events were minor, but the rise in referrals points to an increase in incidents councils judged serious enough to have potential consequences for residents.

Largest rises

Among authorities with data for the full period, Wiltshire Council recorded the sharpest increase in internally logged incidents, up 601% from 341 in 2021 to 2,391 in 2025. Gateshead Council followed with a 302% increase, while the London Borough of Greenwich rose 215% and Salford City Council 191%.

Wiltshire also recorded the highest total number of incidents in the latest year covered, ahead of Bristol City Council with 721, Wakefield Council with 607, Sheffield City Council with 574 and Manchester City Council with 533.

Bristol recorded the highest number of ICO referrals in its latest reporting year, with 21. Cumberland Council and Cornwall Council each recorded 16, followed by Shropshire Council with 15 and the London Borough of Enfield with 14.

Council responses

Several councils said the figures reflected stronger internal reporting rather than a direct rise in damaging breaches or cyber attacks. Some also stressed the distinction between data-handling incidents and cyber security events.

A Manchester City Council spokesperson said the FOI data covered all types of potential data incidents, including near misses, cases where no data was lost and incidents flagged by other organisations that may have affected the council.

They said such incidents would not necessarily qualify as data breaches, and many did not involve personal data breaches. Many were low-level data-handling issues and did not involve unauthorised system access, malware or external threat actors, but were still reported internally as good practice.

The spokesperson added that annual mandatory GDPR training had improved staff understanding of good data practice and reporting responsibilities. Greater awareness, clearer reporting routes and better detection mechanisms meant issues that might previously have gone unreported were now being logged and managed appropriately.

Manchester also said cyber security and data protection were treated as separate risk areas, and that combining the two would give a misleading impression of its cyber security position. It said there had been no material cyber security incidents affecting core systems or resulting in the loss of personal data, and that a higher number of reported data protection incidents reflected stronger organisational maturity and a more open reporting culture, rather than weaker cyber security controls.

Bristol, which recorded the most ICO referrals, said it encouraged staff to report all suspected incidents, however minor, so they could be investigated and used to improve controls.

Wakefield Council, one of the authorities with the highest internal incident totals, said the figures included minor, non-reportable events and that no cyber attacks had resulted in a personal data breach during the period covered.

Wiltshire Council said its high totals reflected a broad reporting culture that included near misses and incidents identified through data loss prevention tools introduced through Microsoft 365. It added that none of the breaches it had reported to the ICO over the past five years had resulted in enforcement action.

Broader pressure

The findings come as local government faces sustained scrutiny over cyber resilience and data protection practices. Councils hold large volumes of residents’ personal information, including housing, social care, education and benefits data, while many operate under financial pressure.

Several major incidents have affected councils in recent years. Leicester City Council suffered a ransomware attack that disrupted IT systems and phone lines for weeks, while an attack on housing software supplier Locata affected housing websites used by Manchester, Salford and Bolton councils. Following a 2020 ransomware attack, Hackney Council spent more than GBP £12 million in a single financial year on recovery.

The research also noted the lack of a consistent national approach to how local authorities detect, classify and record data incidents. That makes direct comparisons difficult, particularly when one authority logs near misses and another records only confirmed breaches.

The London Borough of Bexley said the increase in reported data breaches should be seen in the context of a more open and mature reporting culture. It said staff had been encouraged to report all actual and potential data breaches, however minor, so they could be investigated, lessons learned and controls improved.

Bexley added that while the overall number of internally reported breaches had increased, the number requiring notification to the ICO had remained broadly consistent. In its view, that suggests the rise was driven mainly by better internal reporting of lower-level incidents rather than an increase in serious breaches, and reflected greater awareness of the importance of data protection across the organisation.

Roke has launched its CORTEXA GUARDIAN counter-drone system, which is already being fielded by military customers in the UK and Northern Europe.

The system targets a persistent problem in counter-uncrewed aircraft operations: many existing tools require specialist operators and extensive training. CORTEXA GUARDIAN was designed so generalist soldiers can use it after training measured in days rather than months, with some users moving from receiving the kit to unsupervised operation in less than 48 hours.

The platform can detect, track and identify multiple low-cost aerial threats at the same time. Its modular design allows users to configure it for different missions and operating conditions.

Instead of relying on dedicated hardware, the interface runs in a web browser on standard devices including laptops, tablets and mobile phones. The physical set-up also avoids specialist equipment, with the system mounted on commercial camera tripods rather than military-specific masts.

That design reflects how the product was developed. Roke worked with armed forces and mission partners across the UK and Northern Europe, then refined the system in response to operational feedback rather than controlled testing alone.

Training focus

The approach is intended to reduce the burden on front-line personnel. Advanced sensing, tracking, prioritisation and classification functions run automatically in the background, leaving operators with only the information needed to make decisions.

This is significant as armed forces and public safety organisations face a growing number of incidents involving small, relatively cheap drones. Such aircraft are an increasing concern because they are easy to acquire, can be deployed quickly, and can complicate the protection of bases, troops and other sensitive sites.

The system is intended for use in layered air defence, giving commanders and operators earlier warning of threats in contested airspace. It is also aimed at dispersed units and forward operating bases where personnel may not have access to specialist counter-drone teams.

Operational use

CORTEXA GUARDIAN was first shown publicly at DSEI 2025 before moving into operational deployment. Early customers had already received and deployed units independently, which Roke described as evidence of the system’s ease of use.

The product is being marketed to government, defence and public safety organisations across NATO and Northern Europe. Border security and critical infrastructure protection are also identified as potential areas of demand.

Counter-drone technology has become a fast-moving segment of the defence market as armed forces seek systems that can keep pace with changing threats without adding major training and support burdens. Suppliers are increasingly focusing on systems that combine sensors and software in a single package and can be upgraded as new drone types and detection tools emerge.

Roke said its architecture was designed to evolve over time, allowing new sensors to be added without changing the operator experience. The company presents this as a way to keep systems usable for non-specialist personnel even as the threat picture changes.

Marc Overton, Managing Director, Roke, said: “Small unmanned systems are among the most disruptive threats facing defence and security forces today. Countering them effectively requires capability that can be integrated rapidly, adapted as threats evolve, and used by the people who need it most, not just specialists.

“CORTEXA GUARDIAN was developed to meet that requirement. It reflects close collaboration with military partners and a clear focus on operational reality. This launch marks an important step in making that capability available more widely.”

Firenze has raised GBP £6 million in an oversubscribed funding round led by Albion VC, with existing investors Outward VC and Form Ventures also participating.

The deal follows a GBP £2.5 million seed round completed 12 months earlier.

The London-based fintech focuses on Lombard lending, a form of borrowing secured against investment portfolios. It provides software and lending infrastructure to wealth managers, independent financial advisers, investment platforms, and banks, enabling them to offer credit to clients without requiring them to sell or transfer their assets.

Firms using its platform now represent almost GBP £200 billion in assets under management. They include Brooks Macdonald, Canaccord Wealth, Artorius, Lincoln, Cerno, Parmenion, P1 and Soderberg.

Demand for this type of borrowing has risen sharply, with the total volume of drawn facilities tripling in the first quarter. Clients are using the loans for purposes including property-related borrowing, education costs, tax planning and inter-generational wealth transfers.

Expansion plans

The new capital will be used to broaden the range of products offered through the platform, expand its software offering for banks and support entry into new markets. Firenze also plans to double its team size as borrower demand rises and more wealth managers add Lombard lending to their client services.

Firenze argues that this part of the credit market has long been dominated by private banks, limiting access for a wider pool of investors. It is targeting wealth managers and platforms that want to provide secured lending without building the underlying credit infrastructure themselves.

Some private banks are also showing interest in using their technology to manage their own Lombard lending activity, including loans against assets not held in custody by the lending institution.

David Newman, Chief Executive of Firenze, outlined the rationale for the fundraising and the choice of investor.

“The market demand for Firenze’s solution has exceeded our expectations and, as a result, our vision has become more ambitious. We therefore felt now was the right time to raise further capital to accelerate our plans. When seeking a partner for this next phase of growth, Jay and Albion stood out. I believe passion and trust are the two most important attributes when choosing a VC to work with, and Jay and Albion have demonstrated that time and again as we got to know one another. We also feel honoured by the continued support of our existing investors, who have shown growing enthusiasm for the momentum behind Firenze,” said Newman.

Investor view

Albion VC backed the company because it sees scope for broader adoption of collateral-backed borrowing in wealth management.

“Firenze has built the foundational infrastructure layer to power the next generation of collateralised credit products, starting with Lombard lending. We’re proud to support the team as they scale. Lombard lending has been one of private banking’s most powerful tools, yet the vast majority of investors have had no access to it. Firenze is democratising that access, bringing Lombard lending to the mass-affluent segment. David and the team have executed exceptionally, signing partners covering over £200bn in assets and delivering a platform that solves custody, capital and compliance challenges simultaneously. That combination of market timing and product depth gave us the conviction to lead this round,” said Jay Wilson, Partner at Albion VC.

Outward VC, which led the earlier seed round, said Firenze had expanded its commercial footprint quickly over the past year.

“When we led Firenze’s seed round, we backed David’s vision to bring Lombard lending beyond the walls of large private banks. Twelve months on, the progress has exceeded our expectations, including a five-fold increase in its partner network, a rapidly growing loan book and a SaaS proposition that’s attracting leading banks and financial institutions, as has the vision for its future. Firenze is now proving that the credit infrastructure it has built can reshape how the entire wealth industry thinks about liquidity. We’re proud to continue our support as the company enters this exciting next phase of growth,” said Andi Kazeroonian, Principal, Outward VC.

The fundraising comes as wealth managers seek new sources of credit for clients who want access to cash without liquidating investment holdings in uncertain markets. Borrowers can often access funds within 24 hours.

Firenze’s recent growth suggests lenders and wealth firms are testing whether secured portfolio lending can move beyond its traditional private banking base into the broader advised wealth market.