The psychological consequences of cyberattacks: an IBM study

IBM says that ransomware attacks harm incident responders psychologically

According to a survey conducted by IBM and Morning Consult, hundreds of cybersecurity incident responders indicated ransomware attacks have a significant impact on their mental health.

Incident response indicates the activity of immediately identifying an attack lessens its effects, confines the damage, and addresses the root cause to lower the likelihood of further events.

The IBM Security Incident Responder Study focuses on the challenges and the trends that cybersecurity incident responders have to face connected to their profession. 

The study involved 1100 cyber responders. Of those, 81% stated that the growth of ransomware attacks “has aggravated the psychological pressures associated with cybersecurity disasters.” 

The reasons for these consequences can be found in the instant interruption and direct financial loss that ransomware can cause organizations, as well as the potential public impact. The damaging assaults on companies make them lose money every more minute they are perpetrated, and both the CEO of the company and the incident responder are aware of this. 

Even more, recent attacks are targeting essential services: ransomware assaults against manufacturers, including those of food, medical devices, vehicles, and steel, increased more than any other industry in 2021, resulting in even higher pressure that responders have to face. 

Most incident responders, according to the IBM study, entered the cybersecurity field out of a sense of duty to others, yet incident response is also one of the most stressful elements of work. This sense of duty is becoming more and more difficult to fulfill in light of the rise of disruptive attacks, such as ransomware attacks and the more recent emergence of wiper malware.

The top three stressors associated with cyber events, according to about half of all respondents, were “a sense of obligation toward their team/client” and “managing stakeholder expectations.” Responding to cyber-attacks has caused stress and anxiety for more than three-fourths of respondents in their daily lives, and as a result almost 65% of respondents have sought mental health support.

The IBM study highlights the top three characteristics of incident response workers nowadays:

  • Strong sense of duty: the urge to protect and the chance to assist people and businesses led to the job of over a third of incident responders to the field, and for 80% of the responders this was one of the top reasons. 
  • Fighting on Multiple Fronts: due to the recent increase in cyberattacks, 68% of incident responders who were questioned said it was normal to be assigned to two or more overlapping situations at once (68% of responders frequently need to address two or more cybersecurity events at once).
  • Impact on Daily Life: with 67% of incident responders reporting daily stress or anxiety, the high demands of cybersecurity engagements also have an impact on incident responders’ personal lives. Insomnia, burnout, and a negative influence on relationships or social life were the next consequences mentioned by respondents. Despite these obstacles, the great majority agreed that they have a supportive network in place.

The importance of mental wellbeing is stressed in this study, which underlines the need for support and acknowledgment in the workplace. 

The vast majority of respondents stated they have a good support system in place as incident responders handle the strain and demanding nature of cyber response. Particularly, most respondents believe their leadership has a thorough awareness of the activities involved in internal relations, and 95% believe it offers the essential support network for them to succeed. The majority of responders (64%) seek out mental health assistance as a result of the demanding nature of responding to cyberattacks, and 84% of those say they have enough access to services for mental health support.

But organizations can empower incident responders even more by prioritizing cyber readiness and developing plans and playbooks that are tailored to their specific environment and resources, such as external IR teams that might engage in the case of a cyber crisis. As a result, an incident may be handled more quickly and agilely, and the burden on the entire company may be reduced. 

Businesses should concentrate on using simulation exercises to assess their level of readiness, using situational awareness of their infrastructure. This will give them an idea of how their teams would respond to an attack and will also give them the chance to properly integrate the many teams that will be involved in a cyber incident. This approach might better the integration of workforces in the workplace, and might also lead the road to a better understanding and focus on the mental wellbeing of the responders.

Author: Anna Taffarello


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at

Up ↑

%d bloggers like this: