In simple terms, empathy is the ability to understand and share another person’s feelings. This is important in cybersecurity because, as we all know, cybersecurity requires more than just technology; it needs people. Understanding the human element is essential for effective defense in today’s digital world. Utilizing empathy in cybersecurity is beneficial on several levels. Empathy enables cybersecurity professionals to better respond to incidents, anticipate attackers’ behavior, and enhance collaboration. In a broader sense, an empathetic approach can help companies mitigate the devastating damage of cutbacks and go a long way to fostering a more inclusive and diverse culture in the industry.
An Empathetic Approach for Better Defense
Incident Response
Empathy is crucial during cybersecurity incidents and their aftermath. In the immediate aftermath, it helps security teams communicate more effectively with affected parties, reducing panic and fostering cooperation. After the initial chaos of an incident, having an empathetic response helps maintain trust and encourage loyalty among customers and stakeholders.
Enhance Collaboration
In the cybersecurity field, empathy facilitates better collaboration. It improves communication between technical and non-technical team members, leading to more comprehensive security strategies. Empathetic leaders can better motivate and support their teams, especially during high-stress situations like significant security incidents. Understanding different departments’ perspectives helps create security policies that balance protection with business needs.
Attacker Motivation
Empathy in cybersecurity helps us to understand attackers’ mindsets, anticipate their moves, and inform the development of robust defenses. Monitoring activity on specific forums or websites, alongside keeping abreast of the latest hacking trends, can help gain insight into attackers’ motivation. Adopting an empathetic approach gives cybersecurity professionals a greater chance of identifying potential vulnerabilities in systems and processes that arise from human behavior. Understanding the motivations of attackers can lead to more effective defensive strategies and incident response plans.
Why Empathy in Cybersecurity Matters Today
Cutbacks
Nearly two-thirds of cybersecurity workers know someone who was laid off in 2023, according to the 2023 ISC2 Cybersecurity Workforce Study. The comprehensive study surveyed 14,865 cybersecurity professionals, with 71% reporting to have experienced a negative impact on their workload because of cutbacks. Almost two-thirds of professionals also identified that cutbacks degrade productivity, team morale, and the ability to prepare for future threats.
The study found that nearly 65% of entry- and junior-level staff expected the number of cybersecurity workers at their organization to decrease over the next 12 months. Interestingly, however, the higher the seniority of the respondents, the less likely they were to expect a worker reduction in the next 12 months. This disparity emphasizes the need for empathy in the cybersecurity industry. Cybersecurity leaders need to empathize with the concerns of workers below them in the organizational hierarchy and ensure they communicate the company plans for staffing and restructuring ahead of time.
Empathetic leadership is a management style guided by understanding, compassion, and inclusivity. Leaders who subscribe to this style are assets to organizations because they enrich work culture and improve job performance.
A Lack of Inclusivity
“It’s a security risk not to have the diverse perspective that women bring to the table,” Lynn Dohm, Executive Director of Women in CyberSecurity (WiCyS), stated in a recent interview. The WiCy’s 2023 State of Inclusion Benchmark in Cybersecurity Report became the first-ever assessment to report extensive inclusion data across an entire industry sector, and it produced some alarming findings. One of those being that women were excluded at a rate 2 times higher than men. The report also found that women were 5 times more likely to cite their direct managers and peers as the sources of said exclusion than their male colleagues.
Top Cyber Empathy Advocates
Cyber empathy advocates work to bring about positive change in their industry. Here are some key figures in cybersecurity who have made it their mission to put empathy at the heart of the conversation.
Andra Zaharia
When highlighting significant cyber empathy advocates, it would be remiss not to begin with someone who has a website, podcast, and manifesto dedicated to the topic. On her cyber empathy website, Andra Zaharia explains how she started her podcast to showcase individuals whose actions keep technology accessible, decentralized, and human. Andra strives to embody the principles listed in her cyber empathy manifesto, which details how, in order to carry out meaningful work in cybersecurity, human behavior should be understood as profoundly as technology.
Jane Frankland
As a decorated cybersecurity influencer for smart brands and a strategic business growth advisor with over 20 years of experience working in cyber – Jane Frankland knows what works and what doesn’t. In an interview with Stories ink, Jane asserted, “Effective leadership requires empathy, active listening, and a commitment to understanding and supporting the needs of the team”. Although a leader herself, Jane is a passionate advocate for the advancement of women occupying all roles in cybersecurity. Jane is keen not to see women who have been successful in the industry gatekeeping their success. By advocating for female leaders in the industry to mentor other women to help them succeed, Jane is an excellent example of a cyber empathy advocate!
Jessica Barker
Jessica Barker has long advocated for empathy in cybersecurity, stating that “empathy is the most important, underrated skill in cybersecurity.” In her 2001 book Cybersecurity ABCs, she asserts that many issues that arise in cybersecurity can be avoided or mitigated through improved cybersecurity awareness, behaviour, and culture change (ABCs). One area of practice in cybersecurity she has repeatedly identified as needing a more empathetic approach is the language used. Jessica decries the use of phrases like “Repeat offenders” or “humans are the weakest link,” asserting that “If we had empathy and compassion in security, it would never occur to us to call people the weakest link or to refer to them as repeat offenders.”
Jenny Radcliffe
As the founder and Director of Human Factor Security, keynote speaker, renowned author, and social engineer, Jenny Radcliffe is a well-known figure in the InfoSec space. Jenny speaks, consults, and trains people in the skills of “people hacking” and explains how “social engineeringWhat is Social Engineering? Social engineering is a manipulative tactic cybercriminals use to deceive individuals into divulging confidential information or performing actions that compromise security. Unlike technical attacks, which exploit software...,” using psychological methods, can be a significant threat to organizations of all sizes. She highlights how this knowledge is precious for security professionals by demonstrating to audiences how she uses psychological methods to pen-test companies and identify weaknesses in their security measures.
A Generous Mindset.
Empathy in cybersecurity is not just a strategy—it’s a reflection of a generous mindset. By understanding and appreciating the human element in cybersecurity, we can foster environments that are inclusive, compassionate, and resilient. Embracing empathy better equips cybersecurity professionals to anticipate threats, support their teams, and build defenses that protect people. Cultivating this generous mindset strengthens our cybersecurity posture and creates a more supportive and effective digital world.
If you found this article about empathy in cybersecurity interesting and informative, please check out this related blog: Cyberbullying: Practical Prevention.