IBM Security announced the results of a worldwide survey investigating the critical role of cybersecurity incident responders at a time when the physical and digital worlds are increasingly converging. The study witnessed that incident responders surveyed, the frontline responders to cyberattacks, are mainly driven by a strong sense of duty to protect others, a responsibility increasingly challenged by the surge of disruptive attacks, from the proliferation of ransomware attacks to the recent rise of wiper malware.
Businesses vital to the global economy, supply chains, and the movement of goods have become prime targets for disruptive cyberattacks. As cyberattacks threaten crucial services to our daily needs, incident responders in these industries face more pressure to defend the digital front line. 81% of respondents stated that the rise of ransomware has exacerbated the psychological demands associated with cybersecurity incidents.
The global survey of over 1,100 cybersecurity incident responders in 10 markets revealed trends and challenges that incident responders experience due to the nature of their profession. Some key highlights include:
- A Sense of Service: Over a third of incident responders were attracted to the field by a sense of duty to protect and the opportunity to help others and businesses. For nearly 80% of respondents, this was one of the top reasons attracting them to IR.
- Fighting Multiple Battlefronts: Amid a growing number of cyberattacks in recent years, 68% of incident responders surveyed stated it’s common to be assigned to respond to two or more overlapping incidents simultaneously.
- Impact on Daily Life: The high demands of cybersecurity engagements also affect incident responders’ personal lives, with 67% experiencing stress or anxiety in their daily lives. Insomnia, burnout, and impact on social life or relationships followed as effects respondents cited. Despite these challenges, the vast majority acknowledged they have a robust support system in place.
An Uneven Battlefield
Cyberattacks have become more disruptive, and their sheer volume has increased. X-Force saw a nearly 25% rise in cybersecurity incidents its IR team engaged in from 2020 to 2021. In addition, Check Point Software Technologies’ research indicates a 50% increase in overall network attacks per week in 2021 compared to 2020. But as the industry is called to respond to a growing number of cyberattacks, only a finite number of cybersecurity professionals are trained and skilled to respond to cybersecurity incidents.
As a result, while many IR teams are forced to take on multiple battlefronts, companies could be left without the necessary resources to mitigate and recover from attacks. The IBM study found that 68% of incident responders surveyed find it familiar to simultaneously need to respond to two or more cybersecurity incidents, highlighting a field that is constantly engaged. Amongst U.S. respondents, 34% said the average length of an IR engagement was 4-6 weeks, while a quarter cited the first week as often the most stressful or demanding engagement period. During this period, about a third of respondents worked more than 12 hours daily.
A Strong Support System in Place
As incident responders take on the pressure and high demands associated with cybersecurity response, the overwhelming majority of respondents acknowledged they have a robust support system. Most respondents feel their leadership understands IR’s activities, while 95% say it provides the support structure for them to succeed. As well, 84% state they have adequate access to mental health support resources, with many respondents (64%) seeking out mental health assistance due to the demanding nature of responding to cyberattacks.
But businesses can further support incident responders, whether in-house Blue Teams or the external IR teams they engage in a cyber crisis, by prioritizing cyber preparedness and creating plans and playbooks customized to their environment and resources. This can help enable a more agile and quick response at the onset of an incident and alleviate an unnecessary layer of pressure across the business.