The FDRA research review 2025–3 examines the psychological effects of cyberattacks on IT workers.
Recent studies indicate high work-related stress in the cybersecurity profession. Working in cybersecurity is often compared to being in a warlike environment. This paper explores the first-hand psychological effects of experiencing a cyber incident that threatens operational continuity. The study is based on interviews with IT professionals and top executives. These individuals were employed in multinational corporations, hospitals, central government, financial sector, local government, or educational institutions at the time of the cyber incident.
The interviews, which followed a critical incident paradigm, revealed feelings of disbelief and despair as initial emotional responses to ransomware, data theft, or other severe cyber incidents. Feelings of guilt and self-doubt were common, especially among those responsible for network security. However, some also reported feelings of purpose and self-efficacy.
Having scalable resources, well-defined roles, and protecting core incident response teams from unnecessary inquiries helped alleviate stress and anxiety. Good leadership and internal communication were crucial for maintaining situational awareness and focus during incident mitigation. Long-term negative effects included increased cynicism, fear of recurrence, and contemplations for a career change, which were mitigated by in trust in colleagues, processes, and systems. Understanding the psychological strain caused by cyberattacks on the cybersecurity workforce can help develop methods to mitigate these stressors.
2025:3 Psychological effects of cyberattacks
Additional information
Researcher, Dr Toni Virtanen
Previous research bulletins can be found here.
