
Cyber and Fraud Hub Appoints Alex Dowall as CEO Ahead of First Anniversary
The Cyber and Fraud Hub, Scotland’s only dedicated charity supporting individuals affected by cyber crime and fraud, announces the appointment of Alex Dowall as its…
Cyber security is no longer just about firewalls, software updates, and protecting data. It is about people. As cyber threats grow in both frequency and complexity, the pressure on those responsible for handling security continues to rise. While IT teams are often on the frontline, the psychological effects of cyber incidents can be felt across an entire organisation, from leadership to operational staff.
In our recent Cyber Byte webinar*, “Protecting the Human Firewall: Addressing the Mental Health Challenge in Cyber”, Katie O’Neill, Head of Cyber Skills Academy at the Cyber and Fraud Centre – Scotland, hosted an engaging and honest conversation with Stu Hirst, Chief Information Security Officer at Trustpilot, and Scott McElney, Global Chief Information Security Officer at Weir Group. Together, they explored the human side of cyber security, the emotional toll it can take, and what organisations can do to better support their people.
Here are the key themes and insights from the session.
Cyber Security Is Not Just IT’s Responsibility
Cyber incidents impact more than just systems. They affect people across the entire organisation. Katie opened the session by highlighting that cyber security is as much about emotional readiness, as it is about technical defence. With long hours, high pressure, and reputational risk at stake, cyber professionals face growing mental health challenges.
It is essential that leaders take joint responsibility for cyber resilience. This includes supporting those on the frontline, encouraging open conversations, and preparing teams both practically and emotionally for potential incidents.
“It’s also about protecting people.” – Katie O’Neill
Leadership Sets the Tone
One of the most powerful messages came from Stu Hirst, who reminded attendees that stress can spread throughout a whole organisation. When leadership operates under constant pressure, or avoids talking about wellbeing, it can create a culture where stress is normalised, and support is lacking.
“How would you manage my burnout? What mechanisms are in place?” – Stu Hirst
Stu encouraged professionals to ask prospective employers how they approach mental health. A mature organisation should be able to explain not only what support systems are available, but also how they have helped employees in the past.
Scott McElney added that real examples and personal insights go a long way. Leaders should be able to talk about how they have supported staff through challenging times, even if only in general terms. This transparency helps to build trust and shows that support is not just a policy, but a lived reality.
Mental Health Should Be Part of Incident Planning
Cyber incident response plans often cover communications, containment, and recovery. But how many include mental health support for those directly involved in managing the incident?
Katie stressed the importance of integrating emotional wellbeing into response plans. Waiting until after a crisis to check in with teams is too late. The time to build support structures is before something goes wrong.
“We looked at those triggers for burnout, how to recognise them, and how to support each other.” – Katie O’Neill
Organisations should ensure that staff know where to turn for support, and that managers feel confident in offering help when it is needed. Creating a culture that prioritises mental health allows teams to perform better and recover faster from difficult periods.
Put People at the Heart of Cyber Resilience
The message from the webinar was clear. Cyber security is not just a technical challenge. It is a human one. Whilst tools and defences are important, people are the true foundation of a resilient organisation. But change is happening, and organisations are beginning to take the human side of cyber security seriously.
Building a culture that values wellbeing, encourages open dialogue, and takes proactive steps to help team members manage stress is no longer optional. It is essential.
* Please note, we are not mental health experts or professionals. Our discussion touched on our personal experiences of working in the cyber security industry and looked at the wider challenges our peers face.
Helpful resources:
Cyber Connect Scotland: Providing regular, informal meetups where individuals working in the cyber security sector can gather together to; network, discuss the latest industry trends & hot topics within the security sector.
Cope Ahead: A proactive DBT skill helping you visualise and prepare for tough situations, reducing emotional overwhelm.
Breathing Space: A free ‘first stop’ service for those in Scotland, providing empathy, hope and direction to other support services.
Mind Mental Health Helplines Directory: Providing a helpful list of mental health helplines for those in the United Kingdom.