Rubrik Zero Labs’ “The State of Data Security” report contains eye-opening insights on the real impact of cybersecurity breaches.

When analyzing the impact of cybersecurity breaches, much of the focus is on how much data is compromised and how much the breach will cost a company. Rubrik Zero Labs’ latest research, however, analyzes the human impact of cybersecurity incidents, shedding light on an under-reported consequence.

According to the report, “36% of organizations in our study dealt with a leadership change in the last year due to a cyberattack and its follow-on response.” In fact, in a large percentage of cybersecurity incidents, boards and/or executive leadership lacked confidence in the organization’s ability to recover. Only 27% were completely confident, while 40% were ‘usually confident, but with occasional scrutiny,’ and 33% had little to no confidence, no doubt playing a major role the 36% of companies changing leadership.

What’s more, a whopping 96% of IT and Security leaders experienced a significant emotional and psychological toll. The effects included worrying about job security, as well as concerns they had lost the trust of their colleagues and organization.

“We often overlook the psychological dimension of cyberattacks and the chaos that tends to follow after discovering an incident,” said Chris Krebs, Former Director of CISA and Founding Partner of the Krebs Stamos Group. “The bad guys sure have figured it out, though, with criminals and state actors alike trying to generate emotional responses when they attack, as evidenced by the increase in criminal extortion efforts and hack and leak campaigns. In the end, IT and security leaders alike tend to take the blame for these cyberattacks.

“One of the most effective techniques I’ve seen to prepare for these types of attacks is to accept you’re going to have a bad day at some point, and your job is to ensure that it doesn’t become a ‘worse day.’ This is why we need defenders across the spectrum to come together – sharing best practices, learnings after attacks, simulations, frameworks – so that we’re collectively strengthening our defenses and minimizing the psychological impact brought on by an attack.”