The Growing Threat to Businesses and Employees
As we move into 2025, businesses are facing an ever-increasing wave of cyber threats that jeopardize operations and employees’ livelihoods. Cyberattacks have become the leading cause of data loss and IT downtime, disrupting business continuity on an unprecedented scale.
A recent 2024 Data Health Check survey by Databarracks revealed that over 50% of businesses experienced cyber incidents in the past year. Even more concerning, 37% of those incidents directly resulted in job losses.
Beyond financial and operational disruptions, cyberattacks impose a significant human cost—one that organizations cannot afford to overlook. This raises critical questions: How do cyber incidents impact employees? And what measures can businesses take to protect them?
Job Losses and the Human Cost of Cyberattacks
The harsh reality is that cyberattacks are no longer just an IT problem; they have direct consequences for employees, sometimes leading to job losses. While some dismissals occur as a result of accountability for breaches, others stem from the financial strain attacks impose on organizations.
For instance, UK-based logistics firm KNP Logistics went insolvent in September 2023 following a devastating ransomware attack, forcing 730 employees out of work. Similarly, Capita, an outsourcing specialist, suffered a ransomware attack in 2023 that led to 900 job cuts and pay freezes for thousands of remaining employees in 2024.
This debunks the myth that cyberattacks are victimless crimes covered by insurance. In reality, it is employees—not just the organization—that bear the brunt of the consequences. To build true resilience, businesses must prioritize not just systems and finances but also their people.
Strengthening Workforce Resilience Through Training
Cyber threats are an unavoidable part of today’s digital landscape, making preparedness essential. While many organizations already provide cybersecurity awareness training, few pair it with hands-on incident response exercises—an oversight that weakens their resilience.
To truly prepare employees, businesses must combine awareness training with real-world cyber simulations. Employees should not only recognize threats but also know how to respond effectively in real-time. Simulated phishing attacks, ransomware drills, and crisis-response exercises allow staff to practice decision-making in controlled environments.
This approach ensures employees gain confidence and competence in handling cyber incidents—skills that are critical for minimizing damage when an actual attack occurs. Importantly, cybersecurity is not just an IT responsibility; every department, from leadership to HR, must be involved in the training process.
Crisis Communication: A Key to Business Continuity
Effective communication is a cornerstone of crisis management, yet many organizations underestimate its role during a cyber incident. Encouragingly, over two-thirds of businesses surveyed have a crisis communications plan in place. However, ensuring employees are well-informed and reassured is just as important as managing public relations and customer messaging.
A lack of clear communication can turn a minor security breach into a major business disruption, breeding panic, and misinformation. As the saying goes, “A lie can travel halfway around the world before the truth gets its boots on.” Transparent communication from leadership helps maintain trust and prevents unnecessary confusion.
Even in the worst-case scenario, organizations that keep their employees informed throughout an incident are more likely to emerge stronger, with a workforce that remains engaged and aligned with business objectives.
The Path Forward: A Resilient Workforce
The cybersecurity threat landscape is evolving, but there is a silver lining: Businesses are becoming more confident in their ability to respond to crises. According to the survey, 90% of organizations believe they are better prepared than before.
This is good news not only for business continuity but also for employees, who form the frontline defense against cyber threats. Organizations must take a proactive approach by integrating cybersecurity training, response exercises, and crisis communication strategies into their operations.
Ultimately, safeguarding employees is just as crucial as protecting systems and data. By preparing and equipping the entire organization, businesses can better navigate cyber threats and ensure a more secure future for both their operations and their workforce.