The Psychological Effects of Continuity Threatening Cyber Incidents




Cyberpsychology, Cyber Defence, Resilience, Mental demand, cyber incident, Psychological effects of cyber attacks


Working in the field of cybersecurity has been compared to working in a warlike environment. Understanding what types of psychological strain cyber attacks cause to the defending organisations’ workforce can aid in developing methods and processes for mitigating those stressors. This paper discusses the first-hand psychological effects of experiencing an operational continuity threatening cyber incident caused by a real threat actor. The results are based on 19 interviews from IR professionals and IT security practitioners to decision makers, CISO’s and other top executives. These individuals were working in multi-national corporations, hospitals, central government, financial sector, local government or educational institutions at the time of the incident. The interviews followed critical incident paradigm to focus on significant events during the cyber incidents, while also being semi-structured to compensate for the diversity of the incidents. Most of the interviewees raise up feelings of disbelief and despair as their first emotional response to the realization of being hit by ransomware, data theft or another severe cyber incident that could threaten operational or business continuity. Feelings of guilt and self-doubt were present, especially in those considered to be responsible for securing the network.  However, at the same time, feelings of purpose and self-efficacy were also reported by some. Having scalable resources available in the time of need, with well-defined roles and responsibilities for the core incident response teams and protecting them from unnecessary inquiries seemed to alleviate the stressors and anxiety of the Incident Response (IR) team during the event. Good leadership and internal communication were seen as important to maintain the necessary situational awareness and focus during the active incident mitigation and resolve phase. Long-term negative effects of the cyber incident were increased cynicism, fear of the situation recurring, and thoughts of changing career. These negative outcomes were mitigated by increased trust in colleagues, processes and systems with experience of self-efficacy. This paper discusses what types of mental strain cyber incidents introduce to cybersecurity professionals and top executives. It deepens understanding on what factors need to be considered in developing and enhancing the overall resilience of organisations against cyber attacks.