Whilst the financial, operational, and reputational damage caused by cyber-attacks is often the focus of attention, the emotional toll on staff involved in the recovery process is an equally important but frequently overlooked aspect. Employees working on the frontline of recovery often find themselves grappling with a unique set of stressors that can significantly affect their emotional well-being and mental health. This is never discussed or part of the cyber security recovery planning that organisations have developed. It is a marathon not a sprint!
This opinion piece explores the emotional impact of a cyberattack on staff involved in recovery and offers insights from my personal experience of a cyber incident into how organisations can support their teams during such high-pressure times.
Observations During Recovery from the Cyberattack
A cyberattack often feels like an unprecedented crisis, leaving those involved with feelings of shock, uncertainty, and the overwhelming nature of the recovery tasks. The emotions I observed in the aftermath of an attack ranged from acute stress and anxiety to feelings of guilt and fear. Some of the main observations are detailed below.
1. Stress and Anxiety
The Cyberattack was one of ransomware. Before it had been discovered the bad actors had traversed the infrastructure. During containment and the subsequent recovery there was an environment of constant pressure, especially for IT staff. The uncertainty about the scale of the attack, how much damage had been done, and the time required to recover, working late hours and weekends led to elevated levels of stress.
2. Fear of Failure
Employees involved in the recovery felt like they were bearing the weight of responsibility for the organisation’s survival. There was a deep-seated fear of failure—failure to restore systems in time, failure to prevent further damage, and sometimes, failure to adequately protect sensitive data. The emotional burden of feeling personally responsible for the attack that led some staff to have self-doubt and fear of failure.
3. Sense of Isolation
During the cyberattack recovery, many of our staff found themselves working in isolation, both physically and emotionally. This isolation can heighten feelings of loneliness, in those staff.
4. Burnout
This was the biggest concern I had for the staff I was working with. Recovery from a cyberattack typically demanded long hours, intense focus, and a heightened sense of urgency. This sustained effort led to tiredness and lack of energy, a state of emotional exhaustion and diminished performance for those staff most actively involved.
Supporting Staff Through Recovery
Organisations must take a proactive approach to support their employees emotionally during and after a cyberattack recovery. Addressing the emotional needs of staff can help mitigate the long-term effects of a cyberattack and lead to a stronger, more resilient team. Here are some lessons from the event that occurred.
1. Clear Communication
During a cyberattack, there was clear, transparent communication. Employees needed to be kept informed about the situation, the steps IT were taking to resolve it, and the expected outcomes. It became clear that letting our staff know the next steps helped reduce uncertainty and provided staff with a sense of control over the situation. After the crisis, regular communication about recovery efforts and future prevention strategies helped to rebuild trust.
2. Provide Emotional Support
Organisations should offer emotional support services, such as access to counsellors, mental health resources, or stress management programmes. The organisation I was involved with provided employees with an outlet to express their feelings with a free counselling service.
3. Promote Work-Life Balance
To help staff and recognise their efforts, hours and days off in lieu were provided along with more flexible hours when they required it for family and personal life matters.
It is also important to make staff go home to rest and/or provide temporary hotel accommodation if they are not within easy reach of their home when working late hours to support the management of the event.
4. Provide Recognition and Appreciation
Senior management across the organisation provided thanks personally and in written communications this reinforced the sense of value of those frontline staff involved in the recovery.
Food and Drink
Basic but equally important to emotional support was providing food and drink to those in the office working long hours to isolate the attack and then work on all the recovery tasks required to get business as usual service back online for staff and customers.
Be Prepared for the emotional impact
The emotional impact of a cyberattack on an organisation goes far beyond the technical and financial consequences. Employees involved in recovery face significant psychological challenges, including stress, fear of failure, isolation, and burnout.
Organisations must recognise and address these emotional tolls by offering clear communication, emotional support, and resources for recovery. By supporting their staff through these challenging times, organisations not only help them cope with the immediate aftermath but also foster a resilient and prepared workforce for future cyber threats.
Sean Green is interim CIO at Birkbeck, University of London.
