Latest News

Study demonstrates stress of cyber incidents on responders

Written on Nov 4, 2022

Cyber incident responders are tasked with defending constantly expanding environments from evolving and increasingly aggressive threats. A new study from IBM Security conducted by Morning Consult surveyed more than 1,100 cybersecurity incident responders across 10 countries and found that 67% experience stress or anxiety daily due to the pressures of responding to a cyber incident. 

Cyber responders say do what they do because they’re driven by a sense of duty to the organizations they defend and the people they protect. In fact, nearly 80% of incident responders reference this sense of duty among the top reasons that attract them to the profession. 

According to 50% of survey respondents, managing expectations from multiple stakeholders is the most demanding aspect of the job. At any given time during an incident, responders are fielding multiple, concurrent requests from the client’s C-suite and board of directors, as well as their own management and colleagues. 

Underpinning that is the responder’s sense of responsibility to their client and team to mitigate the incident. It’s our innate drive to do good in the world and our commitment to help people that drives the work we do, and these statistics reflect that. 

What’s more immediately tangible is the skillful time management and energy incident responders put into their work. The study backed this up, finding that: 

  • More than a third are working over 12 hours a day during the most stressful period of the engagement, and these engagements typically last about a month. 

  • Some engagements can even last longer, with 39% of responders in the U.S. facing incidents that carry on for more than four weeks. 

  • Further, 68% say that it’s common to be assigned to respond to two or more cybersecurity incidents at a time. 

Through it all, responders are still willing to do what they do because of their exemplary sense of duty. About 36% listed the sense of duty to help and protect others as the number one reason that attracted them to the job, and this was the top reason attracting them to the field across all 10 countries surveyed. 

There are practical steps organizations can take to help responders: 

First, build IR plans and playbooks from the perspective of the responder. Bring responders in at the very beginning of the playbook process — and when regularly reviewing and updating these plans. Explicitly ask an IR professional what they need in the first day or first 72 hours because these are critical timeframes for responding to an incident successfully. Involving IR professionals from the very beginning of restructuring your plan can keep a bad situation from becoming a worst-case scenario. 

Next, practice these plans. Don’t just check a box with the annual tabletop exercise. Really commit to running through the drills and rehearsing the incidents in a way that is immersive, realistic, and relevant to your specific line of business. A good mindset for rehearsing your plans is thinking of it like a professional athletic team thinks about their training. A team doesn’t just walk onto the field unpracticed. Hours upon hours of planning and practice go into every game so all teammates put their best foot forward, together.