A study shows that the psychological consequences of a serious cyber attack, such as ransomware, are serious, long-lasting and run through the entire company. Companies and employees have to learn how to deal with the pressure.
Information security specialist Northwave has conducted a scientific study on the psychological impact of large-scale ransomware attacks on businesses. The results show the deep scars such a crisis leaves on all those affected. At the same time, they make it clear that even after the attack itself has been overcome, it can still be a long time before normality returns to the IT and security teams.
An attack shocks all employees
"The research shows that the psychological effects of ransomware attacks on people in the affected companies can last for a very long time," says organizational psychologist Inge van der Beijl, Director Behavior & Resilience, Northwave. "As the results show, members of the crisis team may not develop serious symptoms until much later. Management and HR must take countermeasures, right from the start of the crisis. After all, they are responsible for the well-being of their employees.”
Van der Beijl continues: “We also found that the teams often show signs of disintegration some time after the crisis, because members leave the company or have to be on sick leave. The study shows that the impact can extend to the entire company. All in all, it demonstrates that these unseen consequences of a major cyberattack should be on the agenda of senior management and definitely HR managers too.”
Employees need support after the stress
Several months later, one in seven employees directly or indirectly affected by the attack has symptoms severe enough to exceed the clinical threshold for professional trauma care.
One in five employees states that they would have needed more professional help to come to terms with what they had experienced.
One in three would have liked to have more knowledge and concrete tools to deal with the psychological consequences of the attack.
An attack has a lasting impact on the way employees see the world. Two-thirds of employees, including those unaffected by the attack, now feel the world is less safe. As one IT manager explained: “I've become much more suspicious. The world out there is dangerous.”
Post-attack positive effects
In addition to the negative consequences of ransomware attacks, there were also positive after-effects. IT departments found they could finally implement long-overdue security measures as their organization made cybersecurity a higher priority. Colleagues outside of the IT department also showed more solidarity and empathy.
Almost half of those surveyed believe that collaboration has improved significantly.
One in five employees affected by a ransomware attack said they now have better contact with their colleagues.
About Northwave
Northwave helps companies stay on top of their cyber security. The security specialist uses its wide range of know-how to offer customers from all private and public sectors a complete package of services that spans the human, technical and organizational aspects of information security.