FINAL WORD

In recent years the rising global cost of cybercrime , which is anticipated to hit US $ 10.5 trillion by 2025 , has led to a tightening in regulatory cybersecurity demands . As a result , cybersecurity risk management has become a priority for board members who are duty-bound to oversee , assess and monitor the enterprisewide cybersecurity strategy . decreased productivity , increased workplace absences and in some cases even job loss .

In terms of workforce wellbeing , the current ransomware crisis is exacting a heavy toll on the mental health of employees . With phishing attacks accounting for more than 80 % of all cybersecurity incidents , front line staff are expected to be constantly vigilant yet are often not supported or equipped to handle cyberthreats effectively . For those that unintentionally instigate a security breach , the consequences can be devastating on both a professional and personal front .

Parisa Bazl , Head of User Experience , Commvault

For most organisations , reducing the risk of exposure means designing cybersecurity programmes that protect systems , networks and data from digital attack . However , the emotional wellbeing of employees in the context of cyberrisk is , more often than not , underrated .

With Gartner predicting that nearly half of all cybersecurity leaders will change roles by 2025 thanks to work-related stress , organisations need to look beyond the financial , legal and compliance aspects of planning for cyber-risk . Because the negative emotional impact of security incidents also poses a significant risk to the collective wellbeing and performance of the workforce , by not addressing this important human aspect of cyberdefence , organisations put their people and their ability to maintain digital frontline defences at risk .

The psychological consequences of cyberthreats

Traditionally , the primary focus for cybersecurity has been centred on implementing specialist tools , technologies and organisation-wide incident response plans . However , by overlooking the human consequences of cyberattacks , organisations put one of their most valuable resources – their human capital – at risk .

For example , the social and psychological impact on employees who are targeted and manipulated by threat actors can be profound and long lasting . According to a study from the Royal United Services Institute ( RUSI ), employees who fall foul of clever social engineering tricks that lead them to click on malicious links or download attachments experience a whole range of negative emotions including fear , guilt , shame and humiliation . Over time , this distress can result in long-term psychological , physical , reputational and social problems , which in turn results in

Understanding the impact on cybersecurity teams

Similarly , the rising volume of cybersecurity incidents is also negatively impacting the wellbeing of security professionals . According to data published last year , nearly two-thirds of cybersecurity incident responders sought out mental health assistance due to the demanding nature of responding to cyberattacks . Meanwhile , a 2022 study revealed that one in seven security staff experiences trauma symptoms for months after an attack , with one in five considering a job change as a result . A further 81 % went on to state that the ongoing ransomware crisis has only served to exacerbate the alreadypressing psychological demands posed by cybersecurity incidents .

Given the current shortage of cybersecurity talent , organisations can ill afford the manpower attrition that results from the elevated stress levels and burnout currently being experienced by this key cohort of personnel .

Rethinking resilience : taking a people-centric approach

With organisations facing hundreds of intrusion attempts every day , understanding the dangers and risks to the workforce itself should also be part and parcel of any cybersecurity and resilience strategy .

WITH ORGANISATIONS FACING HUNDREDS OF INTRUSION ATTEMPTS EVERY DAY , UNDERSTANDING THE DANGERS AND RISKS TO THE WORKFORCE ITSELF SHOULD ALSO BE PART AND PARCEL OF ANY CYBERSECURITY AND RESILIENCE STRATEGY .

www . intelligentcxo . com

75