What happens to Heroes?” EPISODE #8: The Unsung Heroes of the digital world by Didier Annet

The Psychological Impacts of Cyberattacks

This is the height episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I will call the “Heroes”

The psychological impacts hitting the Heroes.

“Yes, I’m different today. Insecurity is much more prevalent for me, it’s

much more present in my head and in my everyday life. I try to make

people around aware of safety issues. After that, I’m a bit more on edge

since what we went through. It’s always in the back of your mind. I

have this anxiety, a bit like an alarm button that could go off at any moment.”

Excerpts from Interviews with Heroes

When a company suffers a cyberattack, attention immediately turns to the technical damage, financial losses, and vulnerabilities that need to be addressed. Crisis teams are activated, communications are sent out, and systems are restored. And once “everything is back to normal,” we move on to the next thing.

But for the teams, nothing will ever be the same

In this episode, I invite you to take a closer look at the human side of cyberattacks. More specifically, we will focus on the consequences for the heroes who have experienced cyberattacks and must deal with the stress of the crisis, as well as the side effects in the aftermath. The psychological repercussions are setting in quietly. And they can last much longer than the crisis itself.

What signs or outcomes emerge from Hero’s interviews?

• There is no doubt that chronic stress can have a negative impact on well-being when it persists beyond temporary episodes. There is the stress caused by a cyberattack, which triggers a fight-or-flight response that helps overcome the crisis. This can be categorized as “good stress.” However, if this intense stress continues over time and the emotions associated with the incident are not managed, it will lead to prolonged anxiety that is harmful to health.
• Burnout is another consequence of chronic stress. Not everyone is affected in the same way; some people are more resilient than others. Insomnia, constant alerts, and high pressure can all contribute to burnout.
• Loss of confidence: in tools, in procedures, and sometimes even in the organization. Everything is subject to scrutiny.
• Guilt: Some employees feel responsible. They think, “I could have prevented this.” “I acted impulsively.” The feeling of responsibility is an intangible burden.
• Paranoia: Every suspicious email, every unusual behavior becomes a source of anxiety.
• Internal strife: Discord arises between long-standing members and newcomers, as well as between those who experienced the crisis firsthand and those who did not.
• People seek a scapegoat, leading to blame. Tensions rise.
• I have heard about instances of physical violence and employees spitting in the face of an IT security manager, accusing him of causing them to lose their job.
• Resignations: some people prefer to leave following the attack. There is a mixture of leaving due to feelings of guilt, a consequence of crisis management that crisis management is often destructive), and frustration at not being listened to. There is also frustration at seeing new people arrive and a feeling of being judged.
• Criticism: “Why didn’t we do anything before?” “We should have been ready.”
• Overburdened work: In addition to your daily responsibilities, you must tidy up, reinforce and document everything urgently.

Corporate cybersecurity can be enhanced in terms of preparation and human support. It is a matter of employees’ well-being but also a financial concern for businesses.

Beyond technical readiness, there must be psychological support before, during, and after a cyberattack.

How does your company consider the human impact of a cyberattack, both during and after the event?

CONSIDERATIONS. Could a human element be incorporated into the definition of a cyberattack?

🔐 A cyberattack is a deliberate and malicious action conducted through cyberspace that targets an individual, organization, or system with the intent to disrupt, disable, destroy, or gain unauthorized control over digital infrastructure, data, or services. In addition to technical and operational consequences, cyberattacks can have significant psychological and emotional impacts on affected individuals and employees, especially those who are fighting to survive in high-pressure environments.

About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet