
Cyber security teams suffering from hidden tolls of ransomware attacks

TechCentral.ie webinar discusses Sophos report outlining challenges of stress, anxiety and damage to career prospects

6 October 2025

Cyber security professionals are struggling with feelings of anxiety, guilt and fear for their career prospects in the wake of ransomware attacks, according to the latest State of Ransomware report from Sophos, the results of which were discussed at a webinar moderated by TechCentral.ie editor Niall Kitson.

While 2025 data shows encouraging trends – ransomware attacks are declining in frequency, recovery times are improving, and fewer organisations are paying ransoms – the human cost remains alarmingly high. According to Sophos’s sixth annual State of Ransomware report, which surveyed 3,400 IT and cyber security leaders across 17 countries, almost half (41%) of cyber security professionals reported increased anxiety about future attacks, while a similar number experienced heightened pressure from senior leadership following an incident.

Sophos cyber security evangelist Jonathan Hope noted that just over a third (34%) of respondents experienced feelings of guilt after an attack, despite often having no direct responsibility for the breach. On an organisational level, 25% of organisations responded to ransomware incidents by replacing leadership.

 


Kitson and Hope were joined on the panel by Jennifer Cox, start-up solutions engineering & sales leader, Tines; recruitment professional Ellie Doyle; and Brian Honan, CEO & principal consultant, BH Consulting.

The panel agreed that the root causes of successful attacks remain stubbornly human-centred. While exploited vulnerabilities top the list of entry points – often because patching falls by the wayside due to time constraints – social engineering, phishing, and stolen credentials follow closely behind. Hope argued that even the “technology problem” of unpatched systems ultimately stems from human decisions about prioritisation and resource allocation.

The panellists painted a stark picture of what incident response actually entails. Cox described the anxiety of performing system patches during anti-social hours, then waiting for alerts while “crossing your fingers and praying that nothing goes wrong”. During active breaches, teams work around the clock against skilled adversaries, facing not just technical challenges but the psychological pressure of knowing their actions could determine whether their company survives.

Beyond the immediate crisis, cyber security professionals face finger-pointing during post-incident debriefs, potential personal liability under regulations like NIS2 and DORA, and reputational damage that can follow them throughout their careers. Some professionals have received death threats following major breaches, while others have experienced complete breakdowns.

The panel offered several recommendations for supporting cyber security teams. Honan advocated for including HR professionals on incident response teams specifically to monitor team wellbeing during crises. He also stressed the importance of normalising mental health discussions, encouraging leaders to recognise contributions, ensure staff take holidays, and enable networking with peers who understand the unique pressures of the field.

Cox emphasised the critical importance of the right to disconnect, noting that while practitioners may work irregular hours, leaders must actively police boundaries to prevent burnout. She also highlighted that talented professionals will leave organisations that prevent them from doing good work through inadequate funding or support.

From a recruitment perspective, Doyle advised that having experienced a breach shouldn’t be viewed as a career liability. Using the STAR technique (situation, task, action, result), candidates can demonstrate self-awareness and learning from incidents. The key is addressing such experiences proactively rather than allowing them to become unspoken red flags.

Hope concluded by advocating for regular tabletop exercises that bring IT teams face-to-face with business leaders. These drills not only ensure preparedness but build crucial rapport that can prevent the dehumanisation and blame-shifting that too often follow real incidents.

As ransomware evolves from a technical challenge into an established criminal industry, the conversation must expand beyond recovery statistics to encompass the human beings defending organisations on the front lines.

TechCentral Reporters

AI was used in the writing of this article
