Netflix’s Adolescence has fuelled much discussion around online safety asking how, as a collective, we address online safety issues. With many urging the government, parents, and schools to do more.

From medical records to social media habits, everything we do online generates data. And while most of us assume this information is protected, the uncomfortable truth is that it isn’t. 

Cyber criminals exploit technical vulnerabilities, legal grey areas, and even legitimate organisations to gain access to personal information. Once they have it, it becomes a commodity – traded, sold, or used to manipulate and extort.

The Adolescence phenomena has accelerated the focus around government regulation and technology. In F-Secure’s latest Threat Report, we explored how laws are one way in which the issue needs to be addressed and how encouraging it is that governments around the world are gradually stepping up to strengthen data privacy laws. 

In the US, certain states have recently, or are introducing, new privacy legislations. AI is also changing the privacy regulation landscape in the EU. These laws are a welcome step toward greater transparency, consumer consent, and accountability. Laws can also help to set a baseline for cyber security and set penalties for careless conduct.

However, these laws and legislations can be slow to implement and contain loopholes that bad actors (individuals, groups, or organisations that intentionally cause harm in the digital space) will exploit. 

While regulation is necessary, it’s not enough because laws are slow to catch up with innovation. Meanwhile, threat actors move fast, unconstrained by legal systems, ethics, or borders. They don’t care about compliance frameworks or security protocols. They care about access. As a security professional and ethical hacker, I see a cyber landscape littered with loopholes. And where there’s a loophole, criminals will find it. 

This shows how complex online safety is in the modern digital age. To successfully protect the public online, we at F-Secure, believe a holistic approach is required where online safety is owned by everyone – not just governments and individuals but also the companies who provide outsourced services whether that’s banking, mobile technology, utilities or other.

At F-Secure, we’ve long argued that data protection can’t be left solely to regulators. It’s time for businesses and organisations – of every size and in every sector – to take a more active role in safeguarding digital lives.

The baseline is clear: implement strong security measures. These include encryption, regular software updates, layered defences, secure authentication protocols, and employee awareness training. And always prepare for when things go wrong – not all attacks can be thwarted, but the impact can be reduced with incident response plans and practice.

But there’s also a moral responsibility to go further.

As a startup, if you’re collecting data, ask yourself if you are collecting only the data you truly need? Is it being stored responsibly? Would your customers feel comfortable with the level of protection you’ve put in place?

And crucially, ask yourself if you are educating your customers because most scams don’t start with sophisticated hacking – they start with simple deception which consumers don’t always spot. When consumers aren’t equipped to recognise and respond to threats, even the best security infrastructure can be bypassed and there is an opportunity here for businesses to help and in turn build trust and loyalty.

Security today must go together with good security design of your service and user education. Whether you're a startup, a global tech company, a school, a bank, you can play a role in raising awareness. Teach customers how to spot phishing attempts, design your service’s security settings so that they are accessible and understandable, encourage the use of strong passwords and two-factor authentication and speak plainly – because fear-based, jargon-heavy communication doesn't empower anyone.

We need to stop thinking about online safety as just a legal requirement. It’s a shared mission – one that demands vigilance, innovation, and above all, collaboration between regulators, companies, and everyday users.

For more startup news, check out the other articles on the website, and subscribe to the magazine for free. Listen to The Cereal Entrepreneur podcast for more interviews with entrepreneurs and big-hitters in the startup ecosystem.