UMVA has learned that nearly 19,000 security incidents were flagged to officials through the Ministry of Defence's Security Incident Reporting Form (SIRF) in 2025 and the first two months of 2026, averaging 45 reports per day.
These incidents compromised or had the potential to compromise defence assets, including personnel, information, and infrastructure. The data revealed a staggering number of sensitive items lost, including laptops, phones, and USBs, with an average of three losses per day.
Over 1600 SIRF forms were submitted for lost sensitive items, while there were over 200 reports of device thefts and more than 200 reports of lost potentially sensitive paper documents and notes. Of particular concern are the over 600 reported losses of assets classified as Attractive to Criminal and Terrorist Organisations (ACTO), which the MoD warns could constitute a threat to life or support terrorist or criminal threats.
Security experts have expressed alarm over the data, with Professor Alan Woodward warning that it "smacks of complacency." He emphasized that even if equipment is protected and encrypted, it can still be of interest to malicious actors, and that the MoD must be vigilant in its approach to security.
The SIRF Forms also revealed concerns about security approaches on sensitive MoD sites, including nearly 150 occasions where visitors or personnel were not properly escorted, and 22 undeclared relationships with restricted country nationals. Defence Secretary John Healey has been urged to improve the MoD's culture on security.
Professor Woodward stressed that the MoD must prioritize security in a more aggressive geopolitical environment, where overseas countries are likely to seek opportunities to gather information on the military. He emphasized that personnel must be diligent in their approach to security and that the MoD must promote a culture that prioritizes security.
The data has also placed scrutiny on personnel potentially breaking crucial MoD security policies, with over 2,700 reports of security rules and procedures being breached. These breaches could have included bringing personal electronic devices into restricted areas and failing to secure material.
The Chair of the Defence Committee in the House of Commons warned that security breaches can have catastrophic consequences, citing the Afghan data breach as a prime example. The committee chair emphasized that the MoD must promote a culture that prioritizes security and encourages individuals to report security breaches.
The largest number of incidents related to lost, stolen, or misused ID cards, with over 5,000 reports. Security experts warned that ID cards falling into the wrong hands can still pose a threat, emphasizing the need for personnel to be diligent in their approach to security.
A Ministry of Defence spokesperson stressed that the department takes all breaches of security seriously and encourages the use of Security Incident Reporting Forms. The spokesperson emphasized that all incidents are subjected to a security risk assessment, and further action is taken where necessary.