Close this search box.

Email Security: The 5 Stages of Data Breach Grief

Table of Contents

[fusion_builder_container type=”flex” hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”true” min_height=”” hover_type=”none” link=”” border_sizes_top=”” border_sizes_bottom=”” border_sizes_left=”” border_sizes_right=”” first=”true”][fusion_text columns=”” column_min_width=”” column_spacing=”” rule_style=”default” rule_size=”” rule_color=”” content_alignment_medium=”” content_alignment_small=”” content_alignment=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” class=”” id=”” margin_top=”” margin_right=”” margin_bottom=”” margin_left=”” font_size=”” fusion_font_family_text_font=”” fusion_font_variant_text_font=”” line_height=”” letter_spacing=”” text_transform=”none” text_color=”” animation_type=”” animation_direction=”left” animation_speed=”0.3″ animation_offset=””]

Phishing emails are an increasing threat to businesses. Beginning as a simple spam message, phishing can quickly snowball into a serious data breach incident.

This is why email security is so important.

Phishing is a low-risk/high-reward cyber crime method, and it only takes a single person opening a phishing email for a business to face damaging consequences.

Simply put, if successfully ‘phished’, your business could be at risk of the following:“91% of cyber attacks begin with a spear phishing email.”

Malware or ransomware infection

Cyber criminals can either infect your business with malware, or ransom your business for access to its own data.

Stolen information

Significant risk of a data breach, and therefore GDPR fines.

Identity fraud

Cyber criminals can use your business’s identity to infect customers’ systems, damaging trust.

With this in mind, it can also be a traumatic time for the individual responsible.

Let’s examine the five stages of grief following the opening of a phishing email:

1) Denial of a data breach

“I didn’t even click any links or open any attachments” – The realisation that you may have just caused a data breach for your business can be hard to accept.

This is understandable. It takes approximately 191 days to identify a data breach, and the damage caused in that time could be significant – especially with the potential GDPR penalties that may follow.

There is also a negative association with businesses that suffer breaches, potentially leading to reputational damage. If a business cannot look after its own data, why would anybody else trust them with theirs?

Therefore, some tend to avoid disclosing the truth during the stage of denial.

The refusal to accept culpability is a way of coping with the burden of responsibility and the fear of reprisal. However, this soon makes away for anger.

2) Anger over a data breach

“Why did that email even get through to me?!”Quick to assign blame, individuals and businesses may question how the breach even happened and look to those around them.

This is when the gravity of the situation hits, and panic sets in – how did it happen and whose fault was it? You may find yourself asking the following questions:

  • Should your IT department have intercepted the email?
  • Should I have paid more attention?
  • Or, if the email came from an infected business in your supply chain, should they be blamed?

And with phishing attacks taking approximately 20 days to resolve at a cost of around £960,000, frustration is an understandable, if undesirable response.

The anger eventually subsides, and moves beyond into…

3) Bargaining

“Okay, I won’t do it again. I’ll sort it. Somehow. Please just fix it” – The stage in which the signs of acceptance surface, but with regret and desperation.

Typically, individuals seek the path of least resistance and hope that the consequences can be avoided if swift action is taken.

Any opportunity for a return to business as usual will be sought. This may include a host of rash purchasing decisions in the hope that they will shore up an attack that has already happened.

This is where ransomware makes its money – cyber criminals prey on the desperation of an individual or business that needs stability and is willing to pay for it.

4) Depression

“I can’t believe it. I was so busy, I just didn’t realise… It’s completely my fault, but…” Closely followed is depression – a feeling of powerlessness as a result of the cyber attack. This may result in an admission of guilt, and with this, the financial and reputational damages begin to hit.

The ICO (Information Commissioner’s Office) may investigate if any personal data has been leaked, and businesses you work with may begin to question your relationships. Compensation could therefore be required, and an objective assessment of what went wrong.

However, a reluctant admittance is an important step on the way to acceptance.

5) Acceptance

“Okay. So, what tangible steps can I take to prevent it happening again?” The final step of acceptance is inevitable, particularly because GDPR demands disclosure of incidents. It’s simply a case of how long a business takes to come to this step, rather than if.

Disclosure should be given as soon as possible, once the facts have been established. It not only minimises the impact on customers and users but demonstrates a willingness to cooperate.

As for solutions, if your business was breached as a result of a phishing attack then it’s essential that both email security and IT awareness training are reviewed.

Better safe than sorry – Why Neuways recommends email security

Ultimately, we don’t want you to go through the five stages of grief – it’s lengthy, costly, and damaging.

Successful cyber attacks can ruin businesses, particularly SMEs that may not have the financial backing to recover, and attacks via email are the most dangerous threat to your cyber security.

We understand that email security can sometimes be overly sensitive and filter out genuine emails. This is an inconvenience, but it can be resolved with a few simple tweaks to your settings*. Email security is designed like this to protect you in the long run by filtering out malicious emails.

And with phishing attacks costing medium-sized businesses £1.25m on average, these minor inconveniences are incomparable to the level of security on offer.

If you would like to speak to us about email security, whether it’s fine-tuning your settings or discussing a new solution, you can contact us at or 01283 753344.

* If this is happening to you, speak to your IT team or MSP.


Want to keep up with our blog?

Get our most valuable tips right inside your inbox, once per month!

Latest IT News & Insights
Microsoft Dynamics 365 Business Central Main Product Mockup Showcase ERP
Why Business Central enhances and streamlines solutions
See how Microsoft Dynamics 365 Business Central enhances business solutions and streamlines the processes...
Read More
Neuways artificial intelligence
Artificial Intelligence: The Good, The Bad & The Ugly
AI is the Marmite of the IT world. Love it or hate it, the reality is it filters into our everyday lives...
Read More
Choose Neuways for your IT Support, Cyber Security and Business Central needs.
Cyber Security Acronyms Part 1: Neuways
We are helping clients to understand cyber security. We're making it easy for you, as we are jargon busting...
Read More
Password Manager and Security with neuways
Password Managers just became an even more important tool for Employees
The Government has brought in a ban on employees and manufacturers using default passwords.
Read More
Dark Web monitoring
What is the Dark Web?
Dark Web Monitoring identifies whether any of your company data (including login credentials and confidential...
Read More
Password Manager and Security with neuways
Password Security
Business Password Manager Tool Protect your remote workforce with Password Manager Tool, the business...
Read More
WatchGuard WiFi Security
WatchGuard User Services Platform – Simple, Secure and Intelligent WiFi
Why do Neuways partner with WatchGuard? Find out below to see how we improve the cyber security of your...
Read More
Endpoint Security
Endpoint Security
Protect your business with the best in Endpoint Security – How Neuways can help you Protect Your...
Read More

Frequently Asked Questions

Managed IT support is a comprehensive solution where an expert IT provider, like Neuways, handles your technology infrastructure. This includes proactive monitoring, maintenance, cyber security, and support.

Contact us

Support: 01283 753300

Business Development: 01283 753333

Purchasing: 01283 753322

Admin and Accounts: 01283 753311


Yes we do. Your business needs Cyber Security due to the increasing number of cyber threats that are affecting businesses in all industries. If your business has data and technology systems implemented, you will need Managed Cyber Security.

Yes we can. We have our own dedicated Microsoft Dynamics 365 Business Central teams who work to ensure that we can implement the right systems and solutions into your website that are absolute right for you. 

Got a question?

Reach out
& Connect

Please enable JavaScript in your browser to complete this form.