Cyberattacks show no signs of abating. Rubrik Zero Labs’ research, “The State of Data Security,” reveals that enterprise IT teams face an average of one cyberattack per week. Almost every leader surveyed experienced a cyberattack over the last year and faced an average of 47 attacks during this timeframe.
Enterprises struggle against the relentless wave of cyber attacks. Only 5% of organisations can maintain business continuity or return to normal operations within one hour of a cyber attack. 92% of IT leaders admit to being unable to do so.
One out of three respondents to the Rubrik survey has little or no confidence in their ability to access critical data and business applications after a cyber attack. More than three out of four respondents reported their organisation will most likely pay the ransomware demands.
The study gathered insights from 1,600+ CISOs, CIOs, VPs, directors, and other IT leaders across ten countries.
Rubrik’s study is not an outlier either. SonicWall’s research corroborates these findings. Two out of three organisations surveyed in the study were victims of cyber attacks. 91% of the respondents cited ransomware as their biggest concern. 76% of the respondents ranked phishing and spear-phishing as a top concern. 66% of them considered encrypted malware among their top three concerns.
Everyone knows the damage cyber attacks wreak on enterprise infrastructure and finances. But the angle of cyber attacks that has not gotten the attention it deserves until now is the human cost. In Rubrik’s survey, 96% of respondents experienced significant emotional or psychological consequences following a cyber attack.
The human fallout of cyber attacks includes:
Financial losses
Cybercriminals steal credit card details or login credentials and commit fraud. These attacks cause financial loss and emotional stress for the individual victims. These victims include employees, contractors, supply chain or ecosystem partners, and customers. Individuals may eventually hold the organisation liable for failing to secure confidential data. Still, blaming, fixing, and making the enterprise pay up takes time, and the process is distressing.
Job disruption and productivity loss
Cyberattacks almost always disrupt normal business operations. They often take systems down, preventing employees from accessing the tools and data they need to do their jobs. The attack may also disrupt supply chains, with employees unable to access goods or services needed to complete their jobs.
When employees cannot perform regular duties, they suffer from productivity loss. This causes stress and frustration. Later, they face increased workloads and stress to clear the backlog, leading to burnout and other emotional consequences.
Job insecurity
Cyber attacks cause huge financial damage to enterprises. Often, they lead to loss of business and backbreaking regulatory fines. In many cases, a major attack affects the enterprise’s financial stability and causes loss of business. The implications for employees are job insecurity and emotional stress. Companies often resort to layoffs to cope with the crisis, leading to more uncertainties and stress. Rubrik’s research reports that 43% of respondents worry about job security after a cyber attack.
Emotional distress
Cyber attacks often involve the unauthorised access and theft of personal information. Such privacy violations cause emotional distress for the affected individuals. If employees fall prey to a phishing attack by clicking on a malicious link, they develop a feeling of guilt.
The atmosphere of uncertainty and fear causes employees to develop anxiety and a sense of vulnerability. They also suffer from a loss of morale. IT teams especially experience heightened stress and pressure as they work to remediate the attack. The pressure to quickly restore normalcy leads to extreme stress.
Trust issues
In the aftermath of a cyber attack, employees often experience a breakdown in trust. There is always a suspicion of rogue insiders, and any compromise of sensitive employee data worsens the situation. If the attackers gained entry through phishing attacks, then there will inevitably be a trust issue around the employee who clicked on the link.
Another dimension of trust erosion is losing confidence in the company’s ability to protect information. In Rubrik’s survey, 37% of respondents reported a loss of trust among colleagues in the aftermath of an attack.
About one in three respondents reported leadership changes following a cyberattack. Almost the same number report that their IT and SecOps teams are not aligned to defend their organisations from cyber threats.
Health and safety risks
Cyber attacks on healthcare or industrial control systems pose direct risks to human health and safety. For instance, a DDoS attack on a medical facility could make patient records inaccessible. Lack of information can disrupt timely care, leading to loss of life.
How to mitigate the situation:
There is no shortcut to overcoming the issues caused by cyber-attacks. The only way out is a proactive approach against cyber threats. If an attack happens, the enterprise must send strong confidence-building signals. They need to communicate their ability to resolve the fallout. Failure to do so will lead to a downward spiral in which the human and organisational impacts will worsen and feed each other.
Many times, enterprises focus only on addressing the technical aspects. Mitigating the human cost of cyber attacks requires measures to support employees’ well-being. The enterprise needs to:
- Provide support services to employees who experience emotional distress following a cyber attack. Open communication channels address concerns and inform employees about the organisation’s response efforts. Counselling reassures employees and brings them back on track.
- Make clear communications on what happened and the current state. Keeping everyone in the loop builds confidence and promotes trust.
- Provide ongoing training to enhance cyber security awareness. Training employees on cyber security best practices reduces the chances of breaches. Teaching employees how to identify and prevent phishing attacks is especially important. Cyber-aware employees tend to be more confident and do not wilt under the pressure of a cyber attack. They can retain their calm and recover from its devastating effects.
Above all, equip employees and other stakeholders with robust tools that protect them from advanced identity-based threats and email attacks. Today’s attacks are sophisticated in nature, and even the most diligent employees may fall victim to a perfectly crafted phishing attack.
Proofpoint’s wide range of security solutions effectively keeps enterprise networks safe. The Aegis threat protection platform, for instance, breaks the attack chain and offers robust protection against phishing, ransomware, supply chain threats, and more. These solutions defend critical data from theft and loss. The Sigma information protection platform safeguards data against insider threats, regardless of whether the insiders are careless, compromised, or malicious. The Identity Threat Defense platform prevents identity threats and remediates the situation in real time.