It usually happens on a Friday afternoon, at around 4 or 5 p.m. Admins and security experts receive a message telling them that something weird might be happening, and the quiet afternoon turns into chaos.
Data breaches and other security incidents tend to stretch the nerves of everyone, from teams trying to fix the issue to key stakeholders. They can all experience a wide range of feelings, including denial in the first moments, followed by sheer panic, anger, anxiety, and sometimes guilt. It’s not uncommon to experience an elevated heart rate, sweating, trembling, or nausea, and these events could even trigger mental health issues.
“I’ve had admins that couldn’t cope and walked out,” says Peter Mackenzie, director of the incident response team at Sophos.
It’s not just them. “These emotions can go viral, spreading throughout the organization,” says Dr. Patrick Stacey, who published a paper on the emotional reactions and coping responses of employees during a cyberattack. As stress builds up, C-level executives and board members tend to become edgy, putting pressure on technology professionals to solve the issue fast.
This kind of pressure never helps, says Michael Sjøberg, a hostage survival and crisis management expert who has worked for the Danish Army and is now a ransomware negotiator. “The more intense the situation seems to be, the more we as humans tend to be reactive and act without thinking,” he says.
How an organization handles a cybersecurity incident can decide its fate, therefore technology professionals and stakeholders need to make the right calls at all times. Remaining calm and collected is essential during a crisis but also even before it starts. The chain of emotion can begin much earlier.