{"id":2040,"date":"2025-02-21T06:00:00","date_gmt":"2025-02-21T06:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2040"},"modified":"2025-02-21T06:00:00","modified_gmt":"2025-02-21T06:00:00","slug":"managing-the-emotional-toll-cybersecurity-incidents-can-take-on-your-team","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2040","title":{"rendered":"Managing the emotional toll cybersecurity incidents can take on your team"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Cybersecurity professionals face significant mental health challenges from their work, and it\u2019s no surprise why. They are responsible for maintaining the digital security of their organizations by protecting critical operations from intrusions, patching vulnerabilities, detecting threats, stopping adversaries, and remediating incidents, often under intense pressure, tight budgets, and crisis-driven deadlines.<\/p>\n<p>A <a href=\"https:\/\/www.tines.com\/reports\/state-of-mental-health-in-cybersecurity\/\">2022 study by Tines<\/a> highlights the toll of these demands: 66% of security team members reported experiencing stress at work, with 22% describing their stress levels as severe. The consequences are clear: Nearly two-thirds (64%) of respondents admitted their mental health affects their job performance, while an equal percentage stated that their work negatively impacts their mental well-being.<\/p>\n<p>Cybersecurity workers face the most intense pressure during a significant cybersecurity incident, particularly when their emotional reserves may already be low from dealing with routine stressors. 
<\/p>\n<p>\u201cThere\u2019s this inherent tension that exists in every organization,\u201d Joe Sullivan, CEO of Joe Sullivan Security and former CSO at Cloudflare, Facebook, and Uber, tells CSO. \u201cThe security team feels that everybody else is charging in a direction that\u2019s incurring more risk, and those other people don\u2019t bear the downside of the risk as much as the security organization does. That creates some anxiety and stress right out of the gate before you even get to an incident.\u201d<\/p>\n<p>Experts say the trauma of cyber incidents can reduce financial performance through decreased morale and increased attrition. They advise CISOs to advocate for deeper employee assistance programs targeted at cyber workers, which requires selling reluctant HR departments on these initiatives.<\/p>\n<p>They also recommend preparing workers for crises in advance of their occurrence. Finally, experts say it\u2019s vital for CISOs to share concerns for their workers\u2019 emotional welfare across their organizations.<\/p>\n<h2 class=\"wp-block-heading\">The emotional impact of cyber incidents<\/h2>\n<p>The chaos and pressure of dealing with a ransomware attack or other major cybersecurity incident can create psychological trauma for cybersecurity workers and even spread stressful emotions across the entire organization.<\/p>\n<p>Peter Coroneos, cyber industry veteran and founder of Cybermindz, a nonprofit that aims to improve cybersecurity worker mental health, tells CSO: \u201cCyber teams are very committed, and so they will go above and beyond to try and get the breach under control, but in the process, they are potentially being traumatized.\u201d<\/p>\n<p>\u201cWe do see trauma,\u201d he says. \u201cWe definitely see impacts on sleep and even the home life. You see issues with imposter syndrome and self-efficacy questions surrounding that. 
And often after a major breach, we see resignations because they never want to encounter a situation like that again.\u201d<\/p>\n<p>The mission-driven nature of cybersecurity compounds the trauma. \u201cCyber teams are acutely aware of the consequences of failure, and they are also acutely sensitive to this overriding mission they carry and have a very strong ethos around being a protector and a defender,\u201d Coroneos says.<\/p>\n<p>The physical and psychological toll comes from the response apparatus in the brain\u2019s limbic system, which has evolved to deal with flight-or-fight responses. Under the right conditions, this built-in protective mechanism can allow workers to stay stuck in trauma long after cyber incidents end.<\/p>\n<p>\u201cYou get the immediate hypervigilance and the fear and the emotional responses to the situation, which raises your heart rate,\u201d Coroneos says. \u201cCortisol levels go up. Everything\u2019s switched on. But unfortunately, and particularly in a breach situation, if you don\u2019t know that you\u2019re winning, if you can\u2019t necessarily see visible signs of having got the attacker out of the system, or if you\u2019re fearful that they may still be there despite everything you\u2019ve done, then it\u2019s quite natural for this neurological system to remain locked on.\u201d<\/p>\n<p>This ongoing state of vigilance can create PTSD symptoms that are hard to dislodge, according to Coroneos. \u201cWe\u2019ve worked with organizations where [workers] have recurrent nightmares even eighteen months after a breach,\u201d he says.<\/p>\n<p>Mike Hamilton, CISO of Lumifi Cyber and former CISO of Seattle, thinks that SOC workers bear the brunt of the damage \u201cbecause those are the ones that are supposed to catch the thing before it gets out of control,\u201d he tells CSO. \u201cThat\u2019s their whole job. They\u2019re very mission-focused people. 
In a mission-focused role like that, you take it very personally when there\u2019s a miss.\u201d<\/p>\n<h2 class=\"wp-block-heading\">CISOs face singular pressures<\/h2>\n<p>The fallout from a cyber incident might affect the welfare of the CISO most of all, given the singular pressures these security leaders face. The stress involved has even been shown to lead to increased depression and <a href=\"https:\/\/www.csoonline.com\/article\/3560604\/driven-to-drink-how-cybersecurity-professionals-are-dealing-with-stress-related-substance-abuse.html\">even substance abuse<\/a> among CISOs. Compounding the issue is the possibility that cybersecurity leaders could <a href=\"https:\/\/www.csoonline.com\/article\/2505459\/how-cisos-can-protect-their-personal-liability.html\">face personal liability<\/a> for their professional actions, a fact that has <a href=\"https:\/\/www.csoonline.com\/article\/3631759\/personal-liability-sours-70-of-cisos-on-their-role.html\">soured 70% of CISOs on their role<\/a>, according to one survey.<\/p>\n<p>\u201cBecause of the incident that I went through and my general experience, I\u2019ve talked to a lot of security leaders when they\u2019re in crisis situations,\u201d Sullivan says. (Sullivan, a former federal prosecutor, was charged with obstruction of justice for his handling of data breaches at Uber in 2016 and <a href=\"https:\/\/www.csoonline.com\/article\/573871\/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html\">was ultimately sentenced to three years\u2019 probation<\/a> \u2014 considered by many to be a <a href=\"https:\/\/www.csoonline.com\/article\/569923\/uber-breach-case-a-watershed-moment-for-cisos-liability-risk.html\">\u201cwatershed moment\u201d for CISOs\u2019 liability risks<\/a>.)<\/p>\n<p>\u201cThe thing I always tell them is that your organization, and you, are going to be judged as much on how you handle crises as you will be judged on how you worked on prevention. 
In fact, maybe even more,\u201d he says.<\/p>\n<p>CISOs who leave organizations after breaches often experience a deep sense of relief, like a heavy burden has been lifted from them. \u201cAnd that\u2019s why you see more people stepping out of these roles earlier in their career than I\u2019d like,\u201d Sullivan says. A recent survey found that <a href=\"https:\/\/www.csoonline.com\/article\/3595796\/24-of-cisos-actively-looking-to-leave-their-jobs.html\">24% of CISOs are actively looking at the exit<\/a>.<\/p>\n<p>Hamilton thinks the blame leveled against CISOs for breaches has diminished over the past several years. \u201cPrior to even the last year or two, the CISO would be afraid of losing his or her job,\u201d Hamilton says, or worse, prosecuted for how they handled situations. But \u201cit\u2019s changing now because the chief of information security is now starting to talk in the language of business, and they\u2019re not a scapegoat or a checkbox anymore.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Unaddressed mental health issues raise organizational costs<\/h2>\n<p>The range of direct and indirect costs to the organization makes the psychological damage of cybersecurity breaches a drag on corporate bottom lines.<\/p>\n<p>\u201cWith some of the organizations we\u2019ve worked with, the impacts have been felt organizational-wide, all the way through to call center staff who may even get death threats from disgruntled customers,\u201d Coroneos says. \u201cThen you have the regulator knocking on your door, so you get this massive ripple effect of interacting forces.\u201d<\/p>\n<p>Among the organizational impacts is a loss of morale following cyber incidents. 
Psychologist Richard Miller, who has developed a protocol for Cybermindz based on a program he designed for the US Army, says that in an attack situation, \u201cif one person goes down, that\u2019s going to decrease the morale amongst all the team members.\u201d<\/p>\n<p>Decreased morale, burnout, and PTSD cause attrition among cybersecurity workers, which can cost organizations dearly when recruiting replacement personnel. \u201cTo put it into financial terms, even though that\u2019s not our primary objective, to replace people is expensive,\u201d Coroneos says. \u201cIf you fail to support your workers and you end up with a number of them resigning after a breach, it will have a tangible financial cost on the organization.\u201d<\/p>\n<p>And that loss of personnel could become a chronic problem. \u201cIt potentially causes a shift in the attractiveness of cybersecurity as a career,\u201d says Coroneos. \u201cWe\u2019re concerned that young people are not entering the profession because they see the severity of breaches and the impacts, and it can be a deterrent as well.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Going beyond mindfulness to build resiliency<\/h2>\n<p>Although some organizations try to address overall worker mental health issues through mindfulness and other programs, experts say they need to dig deeper to address the unique issues facing cybersecurity personnel.<\/p>\n<p>\u201cMindfulness is a wonderful practice,\u201d Miller says. \u201cWe\u2019re working at a very deep level with not only how do you not just decrease your stress through mindfulness interventions like breathing, body sensing, stress reduction but also giving skills for dealing with a difficult, challenging emotion or judgment or circumstance and how to build an inner resource of indestructible well-being.\u201d<\/p>\n<p>CISOs must think about building these kinds of emotional resilience reservoirs among their team members well before any actual crises. 
\u201cThere\u2019s an adage from the military that the more you drill, the better you perform in real life,\u201d Sullivan says. \u201cAnd that clearly is the case in a cybersecurity incident, too. The more repetition we get, the more muscle memory we have and the more coordination we have among all the disparate parties. We need to invest a lot more in preparing for crisis because if we prepare well, we\u2019ll emerge much more successfully.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Normalize crises to reduce shocks<\/h2>\n<p>Normalizing crises could help reduce the emotional shock of a bad cybersecurity incident. \u201cI got this really good advice from the COO of eBay when I was working there,\u201d Sullivan says. \u201cHe said, \u2018If your job is to respond to crisis situations, you need to build an organization that views it as their job, not as a crisis.\u2019 In short, if your job is to put out fires, build a fire department. Firefighters wake up every day, and they know what their job is. They don\u2019t stress. They go into high-risk situations, but they\u2019re prepared and trained, work in shifts, and have the right equipment. They\u2019re built to respond to fires. We have to build our security organizations to respond to fires.\u201d<\/p>\n<p>Ian Campbell, security operations engineer at DomainTools, spent 10 years as an emergency response dispatcher. He extends the fire department metaphor to underscore the importance of not allowing team members to bottle up their emotions after an incident. Campbell observed that the police department \u201cwas very much, \u2018this is what happens, get it done, move on to the next.\u2019\u201d<\/p>\n<p>The fire department, on the other hand, \u201chad structures set up ahead of time that were much healthier for people to process incidents,\u201d with many pre- and post-incident discussions on how the firefighters were feeling, Campbell says. 
\u201cWhat I realized throughout ten years is that \u2018keep it to yourself\u2019 is a harmful attitude. Setting up programs like [the fire department program] ahead of time is crucial.\u201d<\/p>\n<h2 class=\"wp-block-heading\">The importance of getting HR on board<\/h2>\n<p>Although most CISOs readily agree that their organizations would benefit from programs to help their teams deal with the trauma of cybersecurity incidents, funding these initiatives from human resources departments, which typically control the purse strings for employee assistance programs, is often an obstacle.<\/p>\n<p>\u201cWe have found that HR doesn\u2019t understand,\u201d Miller says. \u201cThey\u2019re thinking that the cyber workers are similar to other workers in their industries, and it\u2019s just not so.\u201d<\/p>\n<p>Hamilton recommends that CISOs lobby the HR departments for funding by highlighting the turnover costs of stress and burnout. \u201cThe burnout rate is astronomical for this job,\u201d he says. \u201cSo, that would probably be the value proposition to give to HR. This is about retention.\u201d<\/p>\n<p>Sullivan thinks a helpful maneuver is for CISOs to share their burdens across the organization. \u201cSecurity leaders take the whole weight of security of their organization on their shoulders when the reality is it\u2019s not the security leader who decides in a vacuum. How big is our security budget as an organization? What is our risk prioritization as an organization? How do we communicate about security incidents as an organization? The security leader doesn\u2019t own any of those things.\u201d<\/p>\n<p>\u201cWe\u2019re trending in the right direction, but the progress we\u2019ve made is a reflection on the effort of the security leaders in place right now,\u201d says Sullivan. But, \u201cmost CEOs, chief legal officers, heads of communication, business leaders in general, have hundreds of stresses that are giving them anxiety every day. 
Unless the security leader stands up, raises their hand, and says, here\u2019s a corporate level of anxiety that we all need to address together, the rest of the leaders shouldn\u2019t be expected to jump right in.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Cybersecurity professionals face significant mental health challenges from their work, and it\u2019s no surprise why. They are responsible for maintaining the digital security of their organizations by protecting critical operations from intrusions, patching vulnerabilities, detecting threats, stopping adversaries, and remediating incidents, often under intense pressure, tight budgets, and crisis-driven deadlines. A 2022 study by Tines [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2022,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2040","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2040"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2040"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2040\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2022"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocu
s.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}