Cyberattacks have become common practise. Every year industrial reports and media keep sharing breaking news about cybercrime and its increased occurrence. Research shows that 1 out of every 7 employees confronted with an attack, either directly or indirectly can start to show symptoms many months later at a level where trauma treatment help is required. It also shows that 1 out of 5 admitted to needing help after an attack and 1 in out of 3 would like to have more upfront knowledge and tooling to address psychological effects.
In this blog, I will highlight cyberpsychology by addressing the social and psychological effects related to cyber-attacks, showing all leaders why Cyber Security is an essential part of their leadership.
Today it is more likely for people to encounter some form of cybercrime and online fraud and experience adverse psychological effects. Research shows that worldwide on average we spend 6.4 hours of our time online. This contributed to the fact that the likelihood of cyber-attacks has increased exponentially and becoming a victim of cybercrime can trigger emotional responses like anger, worry, guilt and regret.
In order to protect and equip ourselves to manage the psychological impact, we need to take security precautions, highlight cyberpsychology and asking our leaders to step up even more. A cyber crisis comes with many challenges. Estimating the risks, dealing with the crisis, communicating during and after the crisis, getting into protective mode, understanding the role of culture and facing criminal characteristics, all at the same time.
Leadership is more important than ever
Being hit by Cyber Security incidents, whether it is on company, department, team or individual level may leave a deep mark on those affected and that mark can linger long after the crisis has taken place. For example, for teams impacted by colleagues staying home on sick leave. We should not underestimate the lingering effects it can have and how far it can spread through the organisation. With the ongoing surge of criminal activities, the impact of a cyber crisis is becoming a huge issue for employees, management and leadership in general.
During my years in security, I have seen how teams can show symptoms long after a crisis has passed and being aware of the importance of management taking the right measures to protect the well-being of their staff. What kind of measures? Well, keep reading.
Take care of our mental health
We need to make sure there is a good focus on mental health and the organization has a mental health program available for all impacted employees. If this attention on mental health is not taken care of, it can become a company risk just like technical vulnerabilities in IT systems that we monitor in cyber defence.
Another measure in ensuring mental health is that we, to a certain extent, train (senior) management to recognize and address mental health issues that could arise in their teams. Or make use of behavioural coaches to support the (cyber) teams and management to promote and foster a healthy (mental) environment. We are all in this together, learning along the way and when we train and educate and trust each other we can achieve so much! There is nothing more detrimental than a blame culture. I believe it is of the utmost important that we focus continuously on raising the profile of how cyber-attacks can affect our mental health and place it higher on the agenda of leadership.
Zero Trust approach to Save Trust
The role of the Rabobank organization has evolved, and we cherish trust above all. It can be contradictory to always assume a Zero Trust approach and at the same time trying to instil and promote trust as a value, as a pillar and as a connective tissue for all our staff. We have to be suspicious and see danger everywhere but when it comes to protecting the bank, and our customer’s trust (which is our main currency, let’s be clear); it is our duty to assume zero trust so we can prevent and soften the impact where possible for our customers, staff and other stakeholders.
It is a marathon, not a sprint!
It’s not all bad of course. But we need to improve and maximize our collaboration. IT and non-IT staff and stakeholders coming together in unison, becoming closer with colleagues, deepening our conversations, peer bonding and showing empathy and solidarity; these all evolve more because we need each other and can only do this together.
Senior management needs to be actively involved in supporting recovery. I am proud to see that they are, and that staff and managers feel responsible and that is commended.
Additionally, constantly utilize structured policies and shared ways of working to ensure workload is evenly distributed and ensure an open environment where feelings can be aired. And as a cherry on top…..our communities; focused care and open dialogue. We need to make sure we utilize them to discuss this topic more with tribes, guilds, communities and our mentorship programs.
We have a common denominator; we need each other to be successful. We also need each other to be and stay healthy and that includes our physical and mental health. Psychological safety is required on each level within an organization to do our jobs well. It should ring true and strong for all, especially now that we are faced with how cybercrime affects us. After navigating the journey of bringing people back into physical spaces, holding onto connected work cultures and continuing with remote access, we need to navigate the cyberpsychology space, for our well-being. Together. And we need to keep this up because it is not a sprint but a marathon.
Stay safe and stay healthy.