top of page

The human cost of a cyber-attack

Updated: Nov 30, 2022

When you think of cyber-attacks and cybercrime, what’s the first thing that comes to your mind? Hooded people hidden in dark rooms, typing green code on their screens? Stolen data, such as passwords and card information? What about the very real impact on people?

How can cyber-attacks impact humans?

Some of the most known cybercrimes include identity theft, ransomware, cyber extortion, phishing, data breaches, and online shopping scams. The negative effects of cybercrimes can impact businesses and individuals in many ways, and we’re going to unpack them here.

Cyber-attacks affect employees and clients

Data is the new oil (as in, a hugely valuable asset), and cybercriminals are finding new ways to gain access to confidential customer data and critical business information. This might include patents, trade secrets, employee records, client information, etc. Once it’s made public that this information has been accessed, many clients and employees will be anxious that their data is in the wrong hands. If you’re a charity that safeguards vulnerable people, then the addresses of safe houses may be compromised after a hack. If you’re a children’s charity, then the children’s names, addresses and schools may have been accessed, meaning they might move or change schools to avoid being found.

The guilt of employees in a cyber-attack

Those who have caused a cyber security incident often feel guilt and shame, and their employers’ response can boost these negative emotions. It’s the employee’s responsibility to comply with the company’s policies and to understand their role and responsibilities in handling data and dealing with data breaches and cybersecurity incidents. As employers, we need to make it easier for employees to tell their organisation that they’ve made a mistake. Employees need to feel safe when owning up to a problem rather than hiding it, so it’s important to nurture a no-blame culture within the organisation.

However, it’s the employer’s responsibility to ensure they have an updated data protection and cybersecurity policy in place. This includes a refreshed data protection and cybersecurity training program that reflects current working patterns, the new vulnerabilities exposed by new technologies, and ways of spotting and preventing cyber-attacks. The mental health of the employees can be impacted if they caused the attack, and if their data was compromised, which can lead to the employees quitting.

Cyber-attacks and the impact on jobs

One of the worst consequences of a cyber-attack is unhappy clients. Clients may be extremely distressed, upset, or angry if their data has been taken, and this may cause them to stop using the company altogether. They may also tell family/friends or report it to their local newspapers or on social media to warn others, damaging the reputation of the company. Looking at microbusinesses, there would be a huge impact on employment if the business was forced to close as the whole team would all be out of a job. Understandably, the financial and mental health impact would be horrific.

How to minimise the impact of cyber-attacks on businesses

Educate everyone in your organisation. 82% to 95% of all successful cyber-attacks are due to human error. Training against cyber-attacks is the best way to fight against cybercrime after strengthening the general cyber-security of the charity.

Important lessons for keeping cyber-secure:

  • Examine the sender of any email: check that the recipient is real and that any URL directs you to a safe page. Often URLs prompting for login details are fake.

  • Keep your password to yourself: It is extremely rare that your IT department (or anyone else) will ask for your password via email.

  • Think before you click: Cyber criminals will try and prompt a fast response, so think twice before you click on any link.

  • Report it: If you are uncertain about an email, report it. Your IT department should have protocols in place for detecting and deleting suspicious emails.

Secondly, consider obtaining Cyber Essentials Plus. This is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network, that will help you put measures in place to protect your organisation, regardless of size or sector, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware, and phishing.

Ready to take the next step to minimise the effect of cyber-attacks on your organisation? We can signpost you to one of our trusted partners, who can help you through the process of gaining the Cyber Essentials Plus qualification.

If you’d like to find out more about protecting your organisation against the rising threats of cybercrime, or Cyber Essentials, contact us today.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page