Data breaches have become relatively common in the past couple of years. While these incident cause a colossal loss to the companies and their users, there is another side to them that is often ignored: the impact these incidents have on the IT managers who deal with the aftermath of the breach.
According to a report titled "Taking care of corporate security and employee privacy: why cyber-protection is vital for both businesses and their staff", nearly 33% enterprise employees who are involved in the aftermath of a cyber attack suffered additional stress due to the incident while 32% employees had to work over night to secure their company's systems.
Apart from their health, these cyber attacks also took a hit on these employees' personal lives with nearly 30% people missing important personal events and 27% employees cancelling their vacations.
Furthermore, the report states that the work-related stress also encroached the IT employees' work-life balance with 76% employees feeling that it impacts their personal relationships, and 16% even quitting their current job because of it.
The report makes another interesting finding: an increasing number of employee absent days caused by stress can cost a large enterprise up to $3.5 million annually.
Coming to the data breaches, the report states that cybersecurity incidents may contribute to a negative work experience of nearly 48% small and medium business enterprises and nearly 53% enterprises. Herein, 33% administrators said that fell into much more stress than they would usually, regardless if they were working in a big enterprise with advanced incident response practices, or in a medium-sized business without a dedicated IT security department.
Data breaches also caused the IT and IT security teams to work overtime with 33% employees in SMBs and 32% employees in enterprises working over night or over time to clean up and fix the system, and take measures to prevent the attack being repeated. The report also said that nearly 20% of IT professionals in SMBs and 30% in enterprises said that they worked over time and missed personal events due to data breaches.
The cybersecurity firm recommends transparency and focussing on properly investigating the causes and consequences instead of just searching for any guilty staff to deal with a data breach. "In 'peace time', it is best to prepare a list of steps for an IT department in case of an incident: who to inform first, who is responsible for what and what steps should be made. This helps employees feel prepared and can relieve potential panic and stress," the firm noted.