3 min read

Empathy and action: An organization’s responsibility following a data leak

Posted by Wouter Klinkhamer on 12th November 2024

""

The UK's Information Commissioner’s Office (ICO) recently highlighted the critical need for organizations to deliver better support to those affected by data breaches: 

“There are two important things I need organisations to understand: empathy and action. You have a role to stop the negative ripple effect in someone’s life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again. We trust organisations with some of the most sensitive personal information imaginable, yet these data breaches continue to happen. This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need organisations across the country to do better.” - John Edwards, Information Commissioner 

 

The average cost of an incident today stands at 4.88 million US dollars, an increase from 4.35 million in 2022. However, all too often we neglect to consider the other costs to those impacted by a data breach, from financial losses to severe emotional impact. Figures revealed by the ICO show that:  

  • Nearly 30 million people in the UK have experienced a data breach
  • 55% of UK adults reported having had their data lost or stolen
  • 30% of them experienced emotional distress as a result
  • 25% said they received no support from the organizations responsible
  • 32% found out through the media rather than from the organization itself  

The ICO has called for organizations to better support those impacted by data breaches by demonstrating empathy, transparency, and providing real-time guidance on necessary steps after a breach occurs. This approach fosters trust and acknowledges the often profound impact that a data breach can have on individuals. 

However, the importance of a preventive stance cannot be overstated. Organizations have a moral and legal obligation to take all reasonable steps to safeguard data, both as an operational standard and as a preventive measure to avoid the fallout of data breaches. Across the globe, data protection regulations (such as HIPAA, DORA, and NIS2) are evolving to increase the responsibilities on organizations to protect data in email, placing greater emphasis on advanced encryption, multi factor authentication controls, data loss prevention tools, and even proof of delivery. 

Build cyber resilience through real-time email security training for real-world scenarios.

How do data leaks happen? 

Despite the focus on malicious attacks in the media, such as phishing and malware, data from the ICO consistently reveals human error to be the leading cause of data breaches. Incidents such as missent emails, failure to redact sensitive data, or misuse of Bcc regularly see organizations in the headlines for data loss. 

Controlling human error continues to challenge IT and infosec leaders. However, progressive organizations acknowledge the fault lies in their technology, not in their people. After all, email wasn’t developed to be secure and lacks vital security and data loss prevention functionalities required to protect sensitive data before, during, and after sending. To build robust defences and empower people to avoid common causes of data loss, our technology must be enhanced.  

Ultimately, data protection is not just a technical or regulatory box to check. It’s a fundamental duty of care organizations owe to their customers, employees, and stakeholders. The ICO’s call to action serves as a reminder that responsibility for data integrity is an evolving, multi-faceted task. With regulatory bodies and stakeholders demanding higher standards of security, it is time to think of data protection not only as an obligation, but as a moral imperative that requires constant vigilance and improvement. In doing so, we will protect not just data but also the trust and well-being of the individuals who rely on us.  

To find out how we support over 11,000 organizations globally to prevent data leaks and meet complex compliance requirements, get in touch.  

Security awareness training - Commercial CTA

Wouter Klinkhamer avatar

Wouter Klinkhamer

CEO & Co-founder

Published: 12th November 2024

Subscribe to our newsletter
Share this

Enjoy this article? Share the knowledge

Previous

Back to all

Next

Stay informed with Zivver

Subscribe to get more email security tips straight to your inbox.