The mental health impact of ransomware attacks

Ransomware attacks are on the rise with no slowdown in sight. With more employees working remotely than ever before—which blurs the lines between work hours and home life hours—cybersecurity and information security professionals are suffering burnout at alarming rates. Combine this with recent studies showing that most ransomware attacks occur on holidays and weekends—you have a recipe for a mental health crisis.

Northwave, a security firm based out of the Netherlands, examined the mental impact of ransomware incidents on CERT employees, managers, and employees.

The scope of the research included Northwave employees, CEOs, IT managers, and others for a total of 352 respondents.

Cybersecurity professionals struggle with health issues following ransomware attacks

The research made 10 significant findings, which are summarized below:

1. The impact of ransomware incidents on mental health is significant. It persists across 3 phases: the first week of the attack, the first month after the attack, and the year after the attack.
2. Sleeping problems. Sleeping problems are common among CERT members (81%), and are at their worst in phase 1: the first week of the attack (60%).
3. Unhealthy coping mechanisms, especially during the first week of the attack, include eating junk food, drinking alcohol, or smoking.
4. Guilt. Guilt is a common emotion during the first two phases of a ransomware attack (within the first week and month of the attack). A commonly reported guilt is “I should have seen this coming.”
5. About two-thirds of respondents believe the world is in a dangerous place.
6. During the third phase of the ransomware attack period (between 1 month and 1 year after the attack), about 1 in 7 report seeking psychological help due to severe trauma.
7. About 20% of those involved in the ransomware attack have seriously considered or are considering changing jobs.
8. The impact on mental health appears to be not restricted to the employees directly responding to the ransomware attack. Thus, mental health services should not be limited to just the most visible groups.
9. The importance of early detection of mental and physical health impacts is vital as it was observed in each phase of the ransomware attack
10. Of those directly involved with ransomware remediation, 20% would have liked professional help to cope with mental health; 67% want to evaluate with team members after the incident, and 32% desire “concrete tools to deal with the impact of the attack.”

The complete report is available on Northwave’s website in PDF format.