Building Human Resilience in Incident Response Teams


To bounce back to shape after disruptive events, and even grow in times of adversity is often labelled as ‘being resilient’ – a term that seems to be on everyone’s agenda these days, and cyber security teams are no exception.


People are a critical part of the crisis response process, however increasing human resilience presents a challenge. Continuously developing crisis team members' competencies and soft-skills is a good place to start the process. CyberFish exists to help organisations strengthen the human element of crisis response by offering cyber incident simulation exercises, that are specifically designed by organisational psychologists and crisis management experts to improve team resilience.


Since our inception in 2018, we have helped more than 500 cyber security decision makers build human resilience in their crisis teams, by empowering them with the key skills and knowledge to be able to effectively work together as a team, safeguard the safety and reputation of their organisations, and improve work satisfaction as well.


You may find the thoughts below useful in your journey to increase human resilience in your crisis team.


  1. Incident Response is a team sport, but high stress conditions lead to self-focus

Cyber Incident Response teams work always as part of a team, and are expected to perform together during long stretches of stressful, high-uncertainty incident response operations. How they work together matters, not only because team cohesion is strongly linked with effectiveness and the optimal use of expertise of team members, but also because cohesion means a shared interpersonal bond, a sense of pride that comes from being part of that team. This sense of belonging to a winning team can reduce anxiety and instil intra-team protective behaviours. A cohesive team not only makes team members assume personal responsibility for achieving team goals, but also prompts team members to step in, when someone needs help.


Unfortunately, chronic stress and continuous anxiety are increasingly common within incident response teams, with more than 50% of CISO’s reporting mental health issues, and almost 70% describing their stress levels at work as ‘significant’ [1]. Just as mental fatigue and a constant high demand for information processing can lead to a diminished attentional focus, and consequently, to the 'tunnelling' of information, in a team context, coping in stressful times is accompanied by a shift to self-focus and the loss of team perspective. This narrowing effect of team focus has been linked to a degrading team performance, by organisational psychologists.

[1] https://www.tines.com/reports/state-of-mental-health-in-cybersecurity/


2. Exercising risk scenarios together increases team cohesion, psychological flexibility of team members and reduce single points of failures in incident plans


The positive effect of exercising risk scenarios in a team are manifold, starting at the most obvious ones for ticking compliance boxes, and training for technical mitigation strategies through playbooks and plans. Many teams also report that exercising together as a team also arm members with trust in teamwork, by sharing a mutual understanding for prioritising tasks, involving different parts of the business in preparing decision-making, having established and used shared mental models for communicating internally.


Exercising collaboration and problem solving as a team creates additional resources for psychological flexibility in crisis team members. This new team capacity is the result of increased connectedness to shared values and objectives as known to all team members, and the shared mental models around the concepts and histories of managing stressful situations together. Uncertainties are reduced by the continuous mapping of subject matter expertise across the business. Talent gaps are revealed in time to be able to eliminated before they turn into single points of failures.


3. Resilience cannot be built in isolation: we need resilient ecosystems to build resilient societies


Including your supply chain members and the local ecosystem in exercising disruption scenarios together is an effective way for building robust communities that can work together to prevent, respond to and recover from business disruptions that has a potential to cause harm to market integrity and societal resilience. The FCA requires financial sector organisations to explore the knock-on effects of business disruption for other market participants, particularly for those, who provide services to critical national infrastructure. We strongly advocate looking beyond the harm that can be caused to customers, to include supply chain members and local communities be considered as part of the incident planning routine.


By having critical parties to the organisation's incident response plan included in regular exercising events resilient ecosystems can be forged, that are much more difficult to attack, and once compromised, recover normal functioning faster, by working effectively together.










7 views0 comments