[Reading time: 49 seconds]

In November, I mentioned research published by Northwave Security on the psychological impact of a cyber-attack on employees.

At the time, I wrote that “in the first weeks of an incident, issues such as lack of sleep, binge eating and drinking are common. Many express guilt for months after an attack, because they did not see the attack coming. And even 1 year after an attack, 1 in 7 of those directly or indirectly involved in the incident response showed symptoms of trauma so severe that they require psychological help.”

Jason Scanlon recently wrote an article that also mentions this Northwave report. His analogy with the physical world is very powerful:

“[imagine you] are the branch manager of an equipment hire business. One day, four robbers enter your branch and demand that you and your employees lie on the ground. After tying everyone up, the robbers leave with millions worth of equipment.

The next day, you retrieve most of the stolen goods, enhance your security measures, and its business as usual, right?

Not exactly. While you’re working to retrieve your goods and up the ante on your security, your employees are traumatised. Gary from accounting has nightmares, Grace from HR experiences constant panic attacks, and Patricia from customer service cries before leaving the house in the morning.”


So what?

We are right to worry about the financial cost, business disruption, and reputational damage of a cyber attack.

But we should also worry about our mental health.

It’s the hidden cost of a cyber attack.

Taking action now to improve the health of our security defences could make a significant difference to our health and wellbeing in the future.


[Update: I interviewed Jason to discuss this topic in more detail. You can view the interview on YouTube here or listen to the interview on the Cybersecurity Without Insanity podcast here (or wherever you get your podcasts)]