But the truth is, everyone can be a target—whether you're a board member, project manager, executive assistant, or senior leader working on a confidential initiative.
Criminals, whether cyber or otherwise don’t just aim for the obvious entry points; they exploit human nature, trust, and access at every level in the business. So why do some businesses think these threats won’t happen to them?
It’s a psychological phenomenon known as optimism bias, where individuals overestimate their organisation’s security posture and underestimate their vulnerabilities. Here's some of the reasons people think 'it won’t happen to me':
Employees might believe their organisation has invested so heavily in cybersecurity tools, training, and frameworks that they are immune to attacks.
Overconfidence can lead individuals to believe they aren’t an attractive target compared to others, making them more likely to let their guard down.
If an organisation has never experienced a significant data breach, employees may think their size or industry makes them less appealing to attackers.
Employees might assume that competitors, high-profile companies, or government entities are bigger targets, leading them to neglect their privacy practices.
A clean track record can breed complacency, making employees feel safe from potential threats.
Some individuals assume attackers go after 'low-hanging fruit'—less secure organisations—leaving them untouched.
Something new to the organisation such as a merger or acquisition means wider individuals are working on projects that are unique and may fall outside a business’s usual protected environment.
The reality is that privacy breaches and cyber threats can affect anyone within an organisation. Believing otherwise can expose your business to significant risks, such as:
To protect both individuals and the organisation as a whole, a culture of continuous vigilance must be adopted:
While it’s rare for employees to openly express overconfidence, it can manifest in subtle ways—ignoring security protocols, sharing sensitive information over unsecured channels, or assuming someone else is handling privacy concerns. However, privacy-conscious organisations actively work to instil a mindset that prioritises security at all levels.
Whether you're managing a high-profile project or handling day-to-day operations, privacy isn't just an IT issue—it's everyone’s responsibility. The best way to ensure sensitive information remains protected is to embrace privacy as a shared value and take proactive steps to contain and secure communications. Because in today's world, everyone is a potential target.
Compliance sets the rules, but human behaviour defines the risk!
Find out more about the privacy personality spectrum from 'the oversharer' to the 'disgruntled employee' - and uncover who is your leak!
Our infographic shows you why privacy isn't just an IT concern - it's a human challenge.
What it means to truly control access.
Why highly secret situations need more than standard cybersecurity.
Why People-Driven Mistakes Are a Serious Matter
Securing data beyond the basics.
Some of the biggest threats to your organisation’s sensitive data come from within.
Threats don't just come from the outside.
Protect your data in KoolSpan Trust Circles
How unsecured communication can derail reputations and market stability
Who's our leak?
Could it be you in the team working on a sensitive business project
Share this story
We're a community where IT security buyers can engage on their own terms.
We help you to better understand the security challenges associated with digital business and how to address them, so your company remains safe and secure.