Close
Close
Linkedin
Close
Close

Saving time in the Security department!?

Careless e-mail use costs time, money and reputation: a data breach can quickly require 20 to 40 hours of internal investigation.
Frustrated Security Officer

Over the past week we have spoken to many companies that have a serious problem with staffing in the ICT/Security department. Too few employees and too many questions and problems are the cause. Most problems arise from human error and often originate with e-mail. Below is an overview of the time taken by one incorrectly sent e-mail.

Time investment in the event of a data breach due to improperly sent e-mail

  1. Direct investigation (incident investigation)
    • Ranging from several hours to even several days, depending on the sensitivity of the data and whether the recipient(s) opened the message, forwarded it, etc.
    • Usually coordination is needed between the IT department, the data protection officer (FG) / privacy officer, legal department and sometimes external (security) specialists.
  2. Communication and reporting
    • In case of (possible) risks for data subjects, the data breach must be reported to the Personal Data Authority (AP) within 72 hours. This means a formal notification with an assessment of the severity and the measures to be taken.
    • If necessary, affected individuals should also be informed (this may require additional time and coordination).
  3. Internal monitoring and measures
    • Updates in protocols, training/awareness for employees, modification of technical security measures, etc.
    • This can range from a few extra hours of work (adjustments in procedures, training) to several working days if new tools or processes need to be implemented.

Average estimate: In practice, several FGs/privacy experts indicate that, for an average company, you can easily spend 20 to 40 hours of internal time investigating, reporting, consulting and communicating around one mis-sent e-mail. In larger organizations (where more departments and stakeholders are involved), this can add up to several weeks, especially if highly sensitive data (e.g., medical or financial data) is involved.

Rather not via email

Therefore, in many cases, it is preferable not to send sensitive files via regular e-mail at all. That’s because e-mail by its very nature is not designed with the highest security standards in mind. A document that inadvertently lands in the wrong inbox can lead directly to reputational damage, loss of customer trust and time-consuming internal handling. Consider investigating the extent of the leak, notifying affected individuals, and preparing official notifications to the AP.

Especially in sectors such as healthcare, finance and government, where confidential data is involved, the risks are high. If the data is extremely sensitive, such a data breach can cost much more time and money. Moreover, these incidents are often accompanied by strict oversight or additional scrutiny from regulators.

Fortunately, there are ways to mitigate these risks. For example, Msafe offers a secure solution for sharing documents without having to include them as attachments in your mail. This is because with Msafe, files are securely stored in an encrypted environment and recipients receive a secure link and an SMS. This allows you to set exactly who has access and for how long, and limits the risk of human error.

Minimize risk and save time

  • Do not send sensitive files via regular e-mail: the risk of data leakage is too high.
  • Careless mail use costs time, money and reputation: a data breach can quickly require 20 to 40 hours of internal investigation.
  • Msafe minimizes these risks: by sharing confidential documents via a secure platform instead of sending them as loose attachments.

Want to learn more about how Msafe helps your organization with secure file management and preventing data breaches? Then feel free to contact us or request a no-obligation demo.

Share:

More Posts

Alternative to Zivver?
Blog

Alternative to Zivver?

Msafe Secure File Transfer is especially a logical alternative to Zivver
when you want to standardize file exchange with externals with strong governance and EU hosting as an explicit starting point.

Read More »
05/02/2026
Msafe - Secure file sharing is simple when designed correctly
Blog

Secure file sharing is simple when designed correctly

“Secure file sharing is simple when designed correctly” sounds like a slogan, but it is primarily a design principle. In practice, secure file sharing only becomes “complicated” when organizations try to fix an insecure process with extra steps, exceptions and loose tools.

Read More »
17/12/2025
EU Data Act explained- from protecting to exploiting
Blog

EU DataAct’s impact on data sharing

We spoke with Huub de Jong, partner and legal expert in European data legislation.
In this interview he shares his views on the legal impact of the Data Act, the challenges for organizations as well as the role of technology in the demonstrably secure sharing of data.

Read More »
03/12/2025
Trends in secure file sharing for 2026
Blog

Trends in secure file sharing for 2026

Secure file sharing in 2026 is not just about secure transfer, but about demonstrable control of risk. In this article, we list seven trends and show how Msafe Secure File Transfer helps organizations lead the way.

Read More »
27/11/2025