IT employees are under constant pressure. The threat landscape is dynamic, complex and often unpredictable. A single successful attack can not only paralyze systems but also shake the professional existence and self-esteem of those responsible.
It has long been known that cyberattacks are a technical problem and can have serious financial consequences. However, while companies are investing billions in security solutions, one key dimension often goes unnoticed: the mental and physical health of those on the front lines of the fight against digital threats – namely your IT team.
Cyberattacks as a Permanent Stress Factor
IT employees are under constant pressure. The threat landscape is dynamic, complex and often unpredictable. A single successful attack can not only paralyze systems but also shake the professional existence and self-esteem of those responsible.
Many IT professionals report a feeling of permanent alertness. The fear of making a mistake or overlooking a weak point can lead to chronic stress. This stress is not only psychologically demanding, but can also cause physical symptoms such as sleep disorders, headaches, stomach problems or cardiovascular diseases.
Psychological Stress: Fear, Guilt and Burnout
A cyberattack is often associated with blame – whether internally within the company or by external stakeholders. IT employees feel personally responsible, even if the causes are complex and multi-faceted. This feeling of guilt can lead to depression, anxiety disorders and withdrawal from the social environment.
According to a study by Northwave, one in seven IT employees still showed symptoms that require professional trauma treatment months after a ransomware attack. A fifth of those surveyed stated they would like more psychological support after an incident. In particularly intensive cases, there is often an increased number of employees who resign in the months following a cyberattack.
The feeling of loss of control and powerlessness is also widespread. The platform TECXERO describes that many of those affected feel guilty, even though they objectively bear no responsibility. This psychological stress can significantly affect self-esteem.
Workplace Culture and Expectations
A relevant factor in this context is workplace culture. IT departments often take on the role of the “fire brigade”, which must be ready for action around the clock. Contingency plans, on-call services and the expectation of being available outside of regular working hours add to the pressure.
Furthermore, successes in IT security often go unnoticed. A prevented attack is rarely commented upon, while a successful attack attracts immediate attention and criticism. This asymmetrical perception contributes to demotivation and the feeling of invisibility among IT employees.
Lack of Support and Resources
Many IT departments are chronically understaffed. The complexity of modern IT systems requires specialised knowledge, but the shortage of skilled workers is omnipresent. Employees must often fulfil several roles at the same time – from network administrator to incident responder with little to no psychological support. While companies activate PR strategies and technical recovery plans after a cyberattack, the mental health of employees is left out.
According to the SoSafe Human Risk Review 2024, 57% of cybersecurity professionals in the DACH region suffer from burnout. 83% report that stress has already led to security-related errors.
The Mimecast study shows that 54% of IT security workers say ransomware threats negatively impact their mental health. 42% are considering changing jobs within two years due to stress or burnout.
Concrete Examples from Practice
In recent years, GrECo and CERTAINITY have participated from an insurance or DFIR perspective in the fallout after many cyberattacks. In two of these cyberattacks, the health consequences of an attack were also tracked and an increase in the number of people resigning was observed after the crisis had been overcome. In the first case, which took place on a Thursday, the IT employee responsible for the backups quit on Saturday and did not return to work again for health reasons. In the second case, the head of IT suffered a heart attack due to the high stress level and was absent for several months. In both cases, the respective company had massive problems compensating for these failures and external support became necessary.
Six Steps to Minimise Psychological Stress for IT Employees
HORIZON Risk Thought >> Fast Forward
The complexity of today´s risk environment is changing at an accelerating pace, making risk management even more challenging. We have created HORIZON, firstly as a print publication and now as a page for sharing the latest insights about ongoing transformations. Our risk specialists will continue to provide their expertise and knowledge to shine a light on the challenges of the future.
Mihajlo Milanovic
Competence Center Manager Liability & Financial Lines
T +43 664 962 40 27
Ulrich Fleck
CERTAINITY
