Exclusive: Whistleblowers and their role in cybersecurity



Companies today work with a lot of sensitive customer data, so protecting that information is essential. Given how prominent the need for cybersecurity is, some businesses would rather keep it private when a breach occurs. Secrecy in that area is typically unfair to customers, though, leading whistleblowers to publicise the incident.

The word “whistleblower” is commonly associated with government agencies or large corporations engaging in illegal activity. In cybersecurity, the whistleblower’s role isn’t always as dramatic, but it is equally vital. Even if a company didn’t break any laws, data breaches are grave issues that affected parties deserve to know about.

Whistleblowers don’t only encourage fair treatment of customers. They push cybersecurity forward.

Holding companies accountable

In 2019 alone, there were more than 1,500 data breaches, exposing more than 164 million records. When a company doesn’t come clean about these breaches, customers could become victims of identity theft or similar crimes without knowing about it. Whistleblowers let them know if they should take any security steps, and their impact doesn’t stop there.

By calling companies out when they try to sweep cybersecurity incidents under the rug, whistleblowers hold them accountable. As a result, whistleblowers enforce cybersecurity standards. If the company broke the law in its data breach, whistleblowers ensure it faces appropriate consequences. Even in areas with no cybersecurity laws, this publicity inspires justice from consumers.

When consumers see that a company tried to hide a data breach, they’ll likely take their business elsewhere. They will switch their loyalty to providers with stringent security standards and more transparency. If no one ever heard about the breach, this general increase in data safety would never happen.

Promoting better security

A company doesn’t have to experience a breach or an incident with a whistleblower to improve. Whistleblowers have outed companies in the past, which holds other businesses to a higher standard. Not wanting to experience a similar incident, companies will take cybersecurity and transparency more seriously.

Data breaches have a profound impact on customer loyalty. On average, 31% of customers stop doing business with a company after a breach, and stock prices drop by 5% after one day. The effects are typically even more severe if the company tried to hide the incident.

Given that cost and the history of whistleblowers holding businesses accountable, companies want to ensure higher security. As whistleblowers reveal more breaches, more businesses will take steps to improve their cybersecurity to avoid the same fate. If no one keeps companies accountable, this upward trend in security might not be as robust.

Whistleblowers need more protection

As critical as whistleblowers are to cybersecurity, they take a risk when outing a company. Though whistleblowing improves overall security and protects customers, it can hurt the businesses that tried to keep incidents secret. As a result, many companies may take action against whistleblowers, even to the point of terminating their employment.

A few legal regulations offer protection to whistleblowers. The False Claims Act, which deals with fraud against the government, offers 15% to 30% of any recovery to whistleblowers, among other protections. Still, not every case falls under this act, and other regulations are few and far between.

In some cases, courts have granted whistleblowers compensation for actions their employer has taken against them, like termination. Not all whistleblowers will see these rewards for their work, though. Until more blanket protections are in place, the number of cybersecurity whistleblower cases may remain low.

Whistleblowers are a crucial part of cybersecurity

Few issues today are as pressing as cybersecurity, and whistleblowers help uphold cybersecurity standards. These workers are an essential, if overlooked, aspect of data security. Instead of fearing these actions, companies should encourage them and respect their positive impact on cybersecurity.

Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.
