Close
Close
Linkedin
Close
Close

Saving time in the Security department!?

Careless e-mail use costs time, money and reputation: a data breach can quickly require 20 to 40 hours of internal investigation.
Frustrated Security Officer

Over the past week we have spoken to many companies that have a serious problem with staffing in the ICT/Security department. Too few employees and too many questions and problems are the cause. Most problems arise from human error and often originate with e-mail. Below is an overview of the time taken by one incorrectly sent e-mail.

Time investment in the event of a data breach due to improperly sent e-mail

  1. Direct investigation (incident investigation)
    • Ranging from several hours to even several days, depending on the sensitivity of the data and whether the recipient(s) opened the message, forwarded it, etc.
    • Usually coordination is needed between the IT department, the data protection officer (FG) / privacy officer, legal department and sometimes external (security) specialists.
  2. Communication and reporting
    • In case of (possible) risks for data subjects, the data breach must be reported to the Personal Data Authority (AP) within 72 hours. This means a formal notification with an assessment of the severity and the measures to be taken.
    • If necessary, affected individuals should also be informed (this may require additional time and coordination).
  3. Internal monitoring and measures
    • Updates in protocols, training/awareness for employees, modification of technical security measures, etc.
    • This can range from a few extra hours of work (adjustments in procedures, training) to several working days if new tools or processes need to be implemented.

Average estimate: In practice, several FGs/privacy experts indicate that, for an average company, you can easily spend 20 to 40 hours of internal time investigating, reporting, consulting and communicating around one mis-sent e-mail. In larger organizations (where more departments and stakeholders are involved), this can add up to several weeks, especially if highly sensitive data (e.g., medical or financial data) is involved.

Rather not via email

Therefore, in many cases, it is preferable not to send sensitive files via regular e-mail at all. That’s because e-mail by its very nature is not designed with the highest security standards in mind. A document that inadvertently lands in the wrong inbox can lead directly to reputational damage, loss of customer trust and time-consuming internal handling. Consider investigating the extent of the leak, notifying affected individuals, and preparing official notifications to the AP.

Especially in sectors such as healthcare, finance and government, where confidential data is involved, the risks are high. If the data is extremely sensitive, such a data breach can cost much more time and money. Moreover, these incidents are often accompanied by strict oversight or additional scrutiny from regulators.

Fortunately, there are ways to mitigate these risks. For example, Msafe offers a secure solution for sharing documents without having to include them as attachments in your mail. This is because with Msafe, files are securely stored in an encrypted environment and recipients receive a secure link and an SMS. This allows you to set exactly who has access and for how long, and limits the risk of human error.

Minimize risk and save time

  • Do not send sensitive files via regular e-mail: the risk of data leakage is too high.
  • Careless mail use costs time, money and reputation: a data breach can quickly require 20 to 40 hours of internal investigation.
  • Msafe minimizes these risks: by sharing confidential documents via a secure platform instead of sending them as loose attachments.

Want to learn more about how Msafe helps your organization with secure file management and preventing data breaches? Then feel free to contact us or request a no-obligation demo.

Share:

More Posts

Why secure file sharing is only truly safe with security awareness training
Blog

Security awareness training makes secure file sharing truly compliant

Files are still shared by people. And that’s precisely where risk arises. An employee who clicks on a phishing email, shares a document with the wrong recipient, leaves overly broad permissions, or works outside the secure channel because it seems faster, can put pressure on even the best-equipped environment. That’s why secure file sharing, security awareness and compliance training belong together.

Read More »
14/05/2026
Complexity Kills Compliance
Blog

Complexity Kills Compliance

Compliance rarely goes wrong because organizations don’t have policies. It goes wrong because policies become too complicated in practice. Once employees have to deal with cumbersome processes, extra steps, loose portals and unclear exceptions, they look for a faster route. And that’s exactly where the problem begins. What seems secure and compliant on paper quickly turns into shadow IT, workarounds and invisible risks in daily operations.

Read More »
04/05/2026
How do companies comply with GDPR guidelines
Blog

How do companies comply with GDPR guidelines? And why secure file transfer is essential in this

To comply with GDPR guidelines, a privacy statement or secure tool is not enough. Companies must process personal data lawfully, respect privacy rights, take appropriate security measures, manage data breaches and be able to demonstrate that they have their processes in order. The Personal Data Authority lists foundations, privacy rights, security, DPIAs in high-risk situations and accountability among the core components of AVG compliance.

Read More »
20/04/2026
provable-compliance-without-complexity-hennie-jansen
Blog

Proving compliance without complexity: interview with Hennie Jansen, CCO of Msafe

Following our Compliance Summit, ITinsight conducted an interview with Hennie Jansen, Msafe’s CCO. The theme is provable compliance without complexity. Hennie Jansen indicates that it is not a slogan. “It’s a way to bring security, compliance and business closer together. And organizations that get that right in 2026 are building not only better audits, but also more trust, more control and more operational peace of mind.”

Read More »
09/04/2026
KPMG research- why compliance in 2026 calls for Secure File Sharing
Blog

KPMG study: why compliance in 2026 calls for Secure File Sharing

Why is a Secure File Sharing solution indispensable in a good compliance policy? KPMG says in essence, organizations are facing more compliance pressures, increased privacy and cybersecurity requirements, and a growing need for monitoring, reporting and control. Our Msafe Secure File Transfer solution is perfect for an environment where sensitive files are exchanged encrypted, access-controlled and fully traceable.

Read More »
26/03/2026
Automate secure file sharing with the Msafe API
Blog

Automate secure file sharing with the Msafe API

More and more organizations want to automate file sharing. No longer manually uploading, sending and storing, but rather integrating secure file sharing directly into existing processes and systems. Msafe’s API makes this possible. Through an API, applications can automatically upload, share and link files to internal systems such as CRM or document management systems.

Read More »
12/03/2026