Data Breaches

Key takeaways

  1. Data breaches and cyberattacks are the “release of secure or confidential information to an untrusted environment.”

  2. Unless the data breach was so vast that it justifies dedicating an entire analysis to it, analyses on this topic need to show that this was not an isolated event, demonstrating a history of wrongdoing, neglect, and lack of regulations.

  3. Your introduction should provide information on how data breaches contribute negatively to society, even if it is not directly linked to the company itself, helping the reader make an educated assumption about the impact’s breadth, depth, and persistence.

What are they?

“A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”


SDG choice

Most used SDGs include:

✅ SDG 9

✅ SDG 16

This article, about cybersecurity, can help you identify the correct SDG for your analysis.

Impact assessment

An analysis of one specific data breach runs the risk of being anecdotal. We do not want to report every single data breach that a company has faced. This kind of event is only useful if it serves to illustrate a broader issue, e.g. a history of repeated dishonest behaviour, neglect, and lack of regulation on the company's part, affecting many of its clients/employees/users.

Unless the data breach and underlying wrongdoing are so significant that they would in themselves justify a dedicated analysis, you should broaden the impact analysis to the larger issue, not just the specific data breach. Read more here on finding the right granularity level.

Beyond negatively impacting the company, data breaches and cybersecurity attacks have short- and long-term consequences for the lives of employees, clients, and consumers. They can result in identity theft, fraudulent credit card activity, and, on a more interpersonal level, emotional challenges such as stress.

In your analysis, try to go beyond reporting the data breach(es) and measure the social impact they have had on individuals. You can use studies as proxies. Learn more in the article Step 5: Assess scale and value.

Also, describe the scale of the impact by taking into account:

1/ The breadth of the impact

  • Is the impact local, national, or global?

  • How many people are affected? Thousands? Millions? Billions?

As a rule of thumb, an impact that affects at least 1 million people is considered significant. Bear in mind, however, that this is not always the case: at times it could be regarded as unfair to expect an impact to touch that many lives, so this threshold is flexible.

2/ The depth of the impact

  • Are the lives of the people concerned deeply affected, or does the issue just marginally impact them?

  • Are the changes brought about by the issue profoundly changing society?

3/ The persistence of the impact

  • How long would the impact described last for? Months? Years? Decades?

  • How reversible is the impact described in the impact analysis? Can it be easily stopped/extended?
