“What happens to Heroes ?” EPISODE #3: The short story long by Didier Annet

The Psychological Impacts of Cyberattacks

This is the third episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.


What I will call the “Heroes”


The hidden impact of Cyberattacks
“Two or three days later, the paranoia sets in and it’s unbearable. The slightest call, the slightest thing that doesn’t work immediately, as it should generate fears and anxiety. It was really quite complicated during the weeks and months after the cyberattack. And today, it’s still something present.”

Excerpt From the Interview
During the genesis of my book, I analyzed cases where I interviewed people who had been involved in a major corporate cyberattack. I was also heavily involved in the long, arduous process of rebuilding IT and systems following such an event.

What shocked me the most? The human impact.

Most readers are familiar with the typical sequence of a cyberattack. Let dive into what happens next after the quick fix …


The RECONSTRUCTION PHASE
Once the company’s operations partially resume from the cyber crise, it will continue to face challenges due to the after-effects of the crisis. Disruptions have caused some customers to lose confidence, which will affect future sales. As internal stresses subside and the company strives to maintain equilibrium, workers gradually regain complete access to IT systems, enabling them to resume work, albeit in uncertain circumstances. For the IT and security teams—our Heroes—this period marks the transition toward a new kind of ‘normal’ in their daily activities.

As the crisis has ended, the company must promptly execute recovery strategies to minimize harm and enhance long-term resilience. This phase, which follows a crisis, is often full of challenges. It can become a new source of internal tension due to increased workloads. Various relational dynamics come into play, including the settling of scores that were initiated by tensions built up during the crisis. People look for someone to blame for mistakes, and the first departures are an inevitable consequence of such scrutiny.

At the same time, a complex dynamic arises concerning the recognition of the rescuers’ efforts and the management of relationships within the company. The teams that successfully contained the cyberattack deserve recognition and appreciation for their dedication and efficiency. This recognition is crucial to motivate the IT department to continue the rebuilding efforts. However, it is essential that this appreciation does not alienate staff who were not directly involved in resolving the cyberattack. It could lead to internal conflict, particularly regarding the implementation of company regulations and the management of privileges granted to the ‘Heroes’ during the crisis.


What are the 3 most common human consequences of a cyber crisis?


CONFLICT
The consequences of a cyberattack can be far-reaching and often lead to interpersonal conflicts within a team. Crisis communication was a critical challenge, as there is often a lack of clear, transparent, and timely information. Egos can clash when individuals compete for recognition or try to shift blame, further escalating tensions among team members. Miscommunication and secrecy further fuel these conflicts, as unclear or withheld information can lead to misunderstandings and mistrust. This leads to frustration and confusion. Searching for a guilty party can lead to a hostile environment, where people point fingers and scapegoat others, which undermines team cohesion. Some individuals may also try to position themselves as heroes, trying to improve their reputation by undermining collaboration and unity. These problems are exacerbated by individuals trying to conceal previous errors or questionable choices, out of apprehension about potential consequences. Some might even manipulate events, fabricating narratives that favor their own interests, adding yet another level of complexity.


BURNOUT
Following a cyberattack, IT professionals frequently experience high levels of burnout due to several factors. Disputes within the team can foster a hostile work atmosphere, where egos collide and finger-pointing intensifies stress. The daunting workload during and following the incident, combined with the pressure to address the emergency, can result in physical and psychological weariness. Post-traumatic stress is a common experience, with the intense pressure and fear of consequences persisting long after the event. Many individuals feel unappreciated for their efforts, which can demotivate and diminish their motivation. Additionally, the company’s secretive approach to handling the crisis often prevents employees from explaining the situation to their families, leading to isolation and further emotional strain. Collectively, these factors contribute to severe burnout, which negatively affects the well-being and productivity of those involved in the cyberattack response.


RESIGNATION
After a cyberattack, many IT professionals resign.

It is quite clear that cumulating the conflicts and burnout reasons mentioned above are largely sufficient to exceed the resignation threshold that an employee can afford.

These factors contribute to a high turnover rate among IT professionals, who leave to find better working conditions and a healthier work-life balance.

It struck me as unusual to observe:
• Those enduring the greatest hardship remain in their employment.
• Conversely, those who could emotionally handle it have resigned.


THINGS TO REMEMBER
Human factors significantly impact business operations, potentially leading to financial consequences due to prolonged recovery times and staff turnover. Losing specialized skills can decrease efficiency and necessitate team restructuring. Recovering comprehensively from a major cyberattack is a lengthy process that can take months or even years. Prioritizing the well-being of your human resources accelerates business recovery and enhances overall performance.


Stay tuned for the next episode.

And don’t forget: “Cybersecurity is like a seatbelt—most of the time you don’t need it, but when you do, you’ll be glad it’s there!”


About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet

Learn more in his book:
📖 Guide de survie aux cyberattaques en entreprise et à leurs conséquences psychologiques: Que fait-on des Héros ? (French Edition)Available on Amazon

Coming soon: The English version – “What Happens to Heroes”