We’re all well aware that a cyberattack can take a heavy toll on an organization’s financial and reputational status, but what about the emotional toll on the employees who’ve had to work through it?

Why Develop an Incident Response Plan

When an organization experiences a breach, everyone is looking for who to hang this on—am I going to lose my job? Is it going to be somebody else’s job? Where is it at? In essence, this “pass the buck” mentality compounds the problem. Now the problem isn’t just the breach, there is in-fighting about the breach, which creates a secondary negotiation and issue at hand. The human brain is not good at multitasking both the breach and the stress of potentially losing one’s job.

What to Include in an Incident Response Plan

  • Create a teamwork mindset and culture

Your messaging should be “we’re all a team, we’re going to get through this!” During a breach, the storyline should not be that one person is the problem or is at fault. The problem is the breach. Everyone is on the same side of the table. Everyone is doing their best.

  • Create a schedule to allow others to rest

Research shows as humans, we need about seven to nine hours of sleep. When you lose that in one night, you lose your cognitive capacity by 30%. If you lose it a second night, it drops 60%.

It takes about a week on average to recover. When you need to have every part of your brain functioning to resolve the incident, having a preset schedule allows everyone, regardless of roles, to get some rest. Another important thing that happens with sleep is our brain consolidates neurons and information, so we take what we’re bringing in with what we already know. If we don’t give our brain a little bit of downtime, we’re losing the opportunity to use that 98- 99%.

  • Include the C-suite when creating your Incident Response Plan/Tabletop Exercise

The lack of inclusion of the C-suite can oftentimes create more issues for the team and more issues for the cyber leader. Ultimately, you end up in a position where the C-suite moves into a panic state because the thought process is not necessarily on the breach at that moment or how to work as a team; the thought process is reputation, shareholder impact, financial risk, etc. Their panic turns into anger and then to grief. Somewhere in that process, there will likely be some level of overreaction.

The C-suite can have such a ramification and impact on the team itself during these stressful situations.

“It is vital for the team to get the C-suite delegates – COO, CFO, CEO — out of the real intensive emotional environment of a breach.”

-Ed Vasko

  • Connect the dots

All humans have this tendency that if we don’t have all the dots connected, we go and create evil plot twists. It is so important to connect the dots for everyone, whether they are our shareholders, stakeholders, or the management team. We want to connect as many dots as we can.

“Even if those dots say, ‘We don’t have all the answers to all those dots, but here’s what we’re doing,’ it helps people from overreacting that, ‘Oh my gosh, we’re going to dump these shares’ or, ‘Everybody’s fired,’ or what have you.”

-Carol Barkes

  • Communicate, communicate, and communicate

A cyber incident is not a time to stop communicating. This is a time to over communicate. Share what happened and what steps you’re taking and what to expect in the coming hours/days. Create a communications plan that says, when this happens, this is what you can expect to have unroll, to prevent knee jerk fight responses.

  • Channel Mother Teresa

If someone is in a fight or flight situation, you will likely see anger or intense emotions. Channel your Mother Teresa or Gandhi. In the neuroscience world, there’s a term that those who have control of their emotions, wins. Try to help deescalate the situation versus going head-to-head with them.

In Summary

Companies need to have a plan around the emotional toll it takes on employees during a breach. Part of the plan should include how to deal with their mental state:

  • How to prepare your team when fight and flight happens to respond
  • How do we get them out of their own way? Even the most experienced security practitioners will forget all the stuff they’ve been trained to do when it’s just a matter of survival

Read the full blog, 6 Must-haves in an Incident Plan to Combat Emotional Distress


About the Guest Speakers:

Ed Vasko, CISSP is the director at Boise State University’s Institute for Pervasive Cybersecurity.

Carol Barkes is an expert on neuroscience-based conflict resolution and communication. She also works at Boise State University.


Tap Our Tech Team On Demand for Break-Fix to Managed NOC-SOC