| Research Hub | White Papers

T: 0121 702 1659

When it comes to online data, the unfortunate fact is that many of us are simply not doing enough to prevent our information from falling into the wrong hands. From not making sure that a website is secure, to falling for an e-mail scam – there is a whole range of different ways in which malicious people are trying to get their hands on your info.

At First Mats, we take great precautions to protect your personal data and only use secure checkout systems. Below are some of our team's findings on data security.

What are cookies and trackers? 

A cookie is a snippet of information that a website stores on your computer – things like your user name, for example. They can be super handy, speeding up your engagement with websites that you use frequently. You can delete this data locally by ‘clearing cookies’ on your device. 

  • 38.5% of websites use cookies (Correct on 13th May 2022)

Trackers are used by the website to collect information about you. This includes how you interacted with their site – as well as a wealth of personal information such as location, device type, the browser you are using, etc. 

Cross-site trackers, or third-party trackers, collect similar information to normal trackers. The difference is that they are not restricted to one page or site – so your entire browsing session can be recorded in detail. 

  • 482 of the top 50000 websites in the world use third-party trackers to monitor their users across different sites 
Web Cookies Usage May 2022

Paying online

Any website that stores credit/debit card information is legally required to encrypt it. However, data breaches occur, and decryption can follow. When you pay online, it is best practice (although time consuming) not to store your details, and instead input them every single time. 

Online Payments in the UK

Data breaches

Data breaches occur when data is intercepted or taken by a malicious actor – here are the facts and figures: 

  • Human error accounts for 52% of security breaches, and can include weak passwords, poor password discipline, and clicking links/downloading files from phishers 
  • Malware: there are over a billion different malware programs in existence, with 560,000 new pieces detected every day 
  • 39% of businesses, and 26% of charities, in the UK reported a data breach or attack in the year to 2021 
  • Of those, around a fifth resulted in lost money, data or assets 
  • £16.1k is the average cost of a data breach for SMEs in the UK 
  • Up to 88% of UK companies have suffered breaches in the last 12 months 
  • 48% of UK organisations were hit by ransomware in 2020 
  • 13% of UK organisations paid the ransom to release their data 

Cyber attacks 

Cyber attacks cost the UK up to £27billion a year. They can come in many forms – here are some important facts: 

  • DDoS, or Distributed Denial of Service, attacks cost up to £35,000 per attack in lost business and productivity 
  • Phishing attacks on universities in the UK cost each affected university more than £2million 
  • Phishing costs larger companions (over 10000 employees) around £2.4million each time (2015 figures) 
  • Ransomware generates around a billion dollars a year for cyber criminals 
  • There were 638 million global ransomware attacks in 2016 
  • The average cost of a cyber attack in 2021 was a historic high of £3.43million ($4.86million) 

Identity theft 

When your identity is stolen, it means that someone other than you can apply for credit, loans or bank accounts in your name, or even make purchases. Here are the facts: 

  • In 2018, there were 189,108 reported cases of this kind of crime in the UK 
  • 22% of cases are centred on accessing bank accounts 
  • Identity fraud accounts for 61% of all fraud types 
  • There was an 11% increase in identify fraud in the UK in 2021 
  • 7% of UK people have given personal details to an unsolicited caller, e-mailer, or over the internet 

Cyber Crime against Individuals

Cyber Crime is now one of the most common types of crime against individuals, with over 2 million instances in 2015-16 costing an estimates £1.1bn.

Crimes against individuals in the UK 2015-16


The most common passwords 

The top ten passwords globally all take less than a second for someone with malicious intent to crack. In 2021, they were

  1. 1234567 
  2. 1234567890
  3. 123123
  4. 111111
  5. 12345678
  6. password
  7. qwerty
  8. 12345
  9. 123456789
  10. 123456 

Some statistics on passwords

  • 23% of people never change their passwords 
  • 27% of people change them once a year 
  • 10% change them every month 

So, what can you do be safer? 

  • 19% – the number of respondents to a survey who stated they had declined to give personal information to a personal or professional network at least once 

Keep the amount of personal data that you share online to an absolute minimum. Think carefully about everything you publish to your various feeds and profiles – can it be used to find out more than you wanted to share? 

  • 23% – the number of respondents to a survey who stated that they had not used public wi-fi on at least one occasion because of the security risks. 

Be careful when you use free or public wi-fi – remember that the data that you are sharing is not passing directly from your device to the site you are sharing it with, but is passing through the router that you are connected to. 

Be cautious about links and attachments. Is it from a source you personally trust? Were you expecting the link/attachment? If not, it may be an attempt to compromise your data – so think twice before you click through or download 

  • A 12-character password is 62 trillion times harder to crack than a 6 character one 

Create strong passwords. If you are using anything that is on, or closely resembles what is on, the list of common passwords above then you need to change it now. Some good practices include picking two or three random things from around you (through your window, on your desk, in your office, etc) and combining them into a passphrase, or using a password generator programme to build a random string of letters, numbers and characters 

Use multi-factor authentication – where you receive a call, text or e-mail confirming that you are the person logging in. Whenever someone else tries to log into your account, even if they have the correct details, you will be alerted and they will be prevented from continuing.