← All posts
Thought Leadership

You Can’t Fix the Communication Risk You Can’t See

June 27, 2026 · 3 min read

Ask a compliance leader whether communication risk is real, and you will get an immediate yes. Ask them how much of it is sitting in their outbound email right now, and the answer is usually a pause. That pause is the whole problem.

Most risks in a business have a number attached. Security has incident counts. Finance has exposure limits. Communication risk, the wrong line in the wrong email, is usually a feeling rather than a figure. And a feeling does not make it onto a budget.

Why communication risk goes unmanaged

Teams do care. The problem is that they cannot see it. The risk is spread across thousands of messages, written by hundreds of people, and it only becomes visible after something goes wrong, in an archive, an eDiscovery export, or a regulator’s request. By then it is not a risk anymore. It is an incident.

So the conversation gets stuck. “We should probably look at our communication risk” sits on a list, below the things that already have a price tag, until the day it becomes the most expensive line item of the year.

🔬 When the invisible finally becomes visible, it is rarely cheap. IBM’s 2024 Cost of a Data Breach Report put the global average breach at $4.88 million, the highest figure on record. Communication is one of the most common paths for sensitive information to leave a company.

Source: IBM, Cost of a Data Breach Report 2024.

The shift: measure what is already there

The teams that actually move treat this differently. Instead of justifying spend against a hypothetical future incident, they start by measuring what is already happening. How often does risky language appear in outbound messages? In which departments? What kind: legal exposure, regulatory claims, confidential disclosures?

That reframes the whole thing. You are no longer asking for budget to prevent something that might happen. You are responding to a situation you can finally see and count. A vague worry becomes a number, and a number becomes a decision.

How do you quantify communication risk?

The practical path is narrow and specific:

  • Measure at the point of writing, not after the send, so the risk is visible before it leaves.
  • Categorise it, so “risk” becomes legal, regulatory, confidentiality, or conduct, each with its own weight.
  • Report at the team level, so you see where pressure builds without reading anyone’s individual emails.

This is the gap VerbaPulse was built to close. It surfaces communication risk as it is written, names the type, and gives compliance a department-level view of how much is really there. We wrote more about the wider adoption-versus-governance gap in The AI Governance Gap.

You cannot manage what you cannot see, and you cannot fund what you cannot measure. The first step is visibility, before any new layer of protection.


Next: a side-by-side look at where a writing-quality tool ends and a communication-compliance tool begins.

See how VerbaPulse flags risk before an email is sent, right inside Gmail and Outlook.

See VerbaPulse in action →
← Grammarly Business vs VerbaPulse: Writing Quality or Compliance Risk? Pre-send vs post-send compliance: where each one actually catches the risk →