The Emotional Toll of Ransomware Attacks
25 Aug 2025
Sophos’s recent report The State of Ransomware 2025 sheds light on the little-discussed human impacts of cyber attacks within compromised organisations.
Sophos polled 3,400 IT and cyber security leaders, across 17 countries, whose organisations had been hit by ransomware in the past year. Aside from the financial and reputational costs to the organisations, Sophos found that their IT and cyber security teams suffered negative personal consequences from every attack.
Taking the Fall
The fallout from a cyber attack was often most severe at the top of the IT team. In one in four cases, the team’s leadership was replaced as a consequence.
That might seem “fair” to some. However, as most CISOs will tell you, business investment decisions are frequently made at the Line of Business level. CISO projects and investment requests are considered alongside other business priorities and investments, and are sometimes deprioritised and rejected.
In those instances, is it reasonable to hold the CISO accountable?
As Frank Dickson, group VP for security at IDC, remarked to CSOonline.com: “Some presume that a ransomware attack is the fault of the CISO. The CISO is a leader, but not the leader. Breaches are the result of a pattern of decisions of many.”
Dickson said that some enterprise business units — even some CEOs and COOs — will sidestep CISOs by deliberately not inviting them to key meetings, out of the fear they will slow down certain business processes.
With the growing frequency of cyber attacks, and the considerable business disruption they create, that’s shortsighted and risky.
Emotional Toll
Sophos’ survey found that the human consequences of a cyber attack were felt well beyond the leadership level.
41% of IT/cybersecurity teams reported increased anxiety or stress about future attacks.
34% said the team felt guilty that the attack was not stopped in time.
40% reported increased pressure from senior leaders - though 31% reported increased recognition.
31% of teams experienced staff absences due to stress/mental health issues related to the attack.
The survey responses reveal how a ransomware attack can be a brutal blow — not just to an organisation’s finances and reputation, but to the people responsible for the IT systems. For the IT team, it’s often a high-stakes, high-pressure ordeal.
HR & C-Level Support
An organisation’s Human Resources team and C-suite need to play a critical role in stabilising the IT team in the aftermath of a ransomware crisis. That begins with providing immediate support:
Acknowledging the pressure, and recognising within the organisation the IT team's efforts.
Providing flexible work arrangements, such as adjusted hours, remote work options, and time off where feasible.
Making psychological first aid and counsellors available.
Ensuring clear internal communication, to avoid the stresses of miscommunication and rumours.
Longer term, the focus should be on building IT team resilience:
Recognising and rewarding the IT team's role in recovery.
Conducting cyber security training across departments, not just IT, to reinforce a culture of shared responsibility.
Implementing retention strategies to mitigate post-ransomware attack attrition.
Prevention: Better than Cure
At Generic Systems Australia, we help Australian and New Zealand organisations avoid cyber attacks by making file transfer and email systems smarter and more resilient.
Please feel welcome to contact me if we can help you.
We’re your local experts in data transfer.
