top of page

Managing stress in incident response teams

Stress is an occupational reality for corporate cybersecurity teams. The job comes with the immense pressure of managing specific cyber incidents that can take months at a time, erode shareholder value and potentially destroy the reputation of the business. Even on good days there’s the underlying anxiety of not knowing what might be around the corner.

It’s no surprise then that Gartner predicts half of cybersecurity leaders will change jobs by 2025. Or that 25% will pursue different roles entirely, spurred by a feeling of burnout.

Stressful situations cannot be avoided in this industry. However, there are strategies and techniques that ensure it is appropriately managed and contained. Delivering crisis management exercises as a team is a crucial aspect of enhancing team performance and cohesion. It builds the muscle memory required for effective teamwork, equipping cyber incident response team to cope with challenging circumstances.

Incident simulations that stress-test difficult decision scenarios are a good way of assessing your incident response team’s readiness to respond to worst-case scenarios the business may face, such as a successful ransomware attack, managing internal and external stakeholder interests, and communicating difficult messages to clients, suppliers, and the wider public.

CyberFish designs and delivers crisis simulations that are designed by cyber threat intelligence, organisational psychology and neuroscience experts to create the necessary level of ambiguity your teams need to simulate stressful events effectively.

Our clients report that exercising with CyberFish scenarios results in improved employee wellbeing, more effective collaboration and better performance. Our learning modules and simulations empower crisis team members with the confidence and trust they need to work together and support each other, recognising signs of anxiety and stress, so they can be better managed, individually and as part of a team.

Based on what we’ve learned while training over 600 decision-makers in cyber security teams over the past 5 years, we've learned a few things about how to enhance performance in the crisis management team.

First and foremost, we believe that hard drills make for easy battles.

We advise our clients to get in the habit of running regular training sessions to cover a range of different scenarios. We find that most teams exercise once a year, with the objective of establishing whether colleagues are aware of the existence of an incident response plan, and their own responsibilities and roles in case a business disruption happens.

However, when a real incident happens, it almost never unfolds in the way you’ve imagined it in your plans. Teams will inevitably be presented with new situations that no-one had thought about and they’ll have to work together as a team to come up with viable alternatives and confident decision-making, fast. We help them get into the habit of building muscle memory for improvising under extreme stress.

Here are some tips on how to get started:

1. Get in the habit of doing sims. Do lots of different role plays and simulations together, as a team. This could mean wargaming highly unlikely, but still plausible situations and looking at the level of leadership, decision-making, and communications.

By using the Resilience Dojo cyber incident exercise scenarios and learning modules, you'll save lots of design time and can get started with sims right away.

2. Start project meetings with micro-simulations of potentially controversial issues that could surface and discussing how team members would respond. By adding aspects of data breach, system failure, and other cybersecurity risks to these simulations, you'll be able to clarify your playbooks and identify any knowledge gaps within the organisation. This will help your team better handle real-life incidents.

3. Get your team members provide statement lines on recent events. Get everyone in the habit of practicing in-the-moment thinking and working together effectively to address the next black swan.

All of these factors can make decision making in incident response teams incredibly complex and challenging. It's important for teams to share mental models, terminology and a clear process for decision making, stress management and crisis communications, and put this into practice as part of their incident simulations.

Creating clarity around accountability and visibility of the roles within the process of decision preparation, decision making and delivery will help take some of the pressure off when disaster strikes.

Get in touch today to make your incident response teams crisis-ready.

🚨 Limited Time Offer: Valid for the month of August only 🚨

Complete the CyberFish learning modules on decision-making, stress management and crisis communication and receive a 30% discount on your Discovery Session with our team of cyber risk, organisational psychology and neuroscience experts.

25 views0 comments


bottom of page