Empowering People, Protecting Data: Building Cyber Resilience through Emotional Intelligence

A few years ago, I had an intriguing conversation with the CEO of a multi-million-dollar company. He was a sharp, hands-on leader with a strategic outlook—focused on the future without losing sight of present needs. I was explaining why resilience needs to be more than a buzzword, as people often perceive resilience training as an excuse to do more with less.

Organizational change fatigue can quickly supersede motivation for transformation. When people experience heightened stress and fear, they often feel more negative emotions, which can push them into survival mode, hindering their ability to think and reflect clearly.

In today’s digital era, where digitization journeys increasingly expose businesses to risk, resilience skills—teaching people not to break under pressure—are essential.

He looked at me with a serious facial expression and said:

"Nadja, I'm fed up with coaches like you trying to bombard us with resilience stuff. Even big consulting companies don't understand how we work and release reports that are feasible in theory but not on the ground."

I appreciate when people challenge my ideas because that’s where true innovation and progress begin—in disagreement. When we disagree, we challenge each other to think beyond our biases and subconscious beliefs, arriving at renewed conclusions based on common ground—a win-win situation.

Our lively discussion led us both to see that resilience is indeed key, but resilience for people differs from resilience for processes and technology.

Change happens to us; disruption happens within us. It’s an emotional transition that brings discomfort and increases people’s resistance to change. This is why some individuals hesitate to use new technology systems or improve their cyber hygiene habits for safer work practices.

The Underestimated Risk of the Human Factor

Despite significant investments in cybersecurity technologies, breaches continue to occur. The now widely accepted statistic is that over 90% of data breaches stem from human error and social engineering attacks.

Cybercrime is to cost our global economy 10.5$ trillion annually by next year. The Commission opened calls worth over €210 million under the Digital Europe Programme (DEP) for proposals to strengthen cybersecurity and digital capacities across the EU.

Yet, in my conversations with employees, they often express resistance to standard cybersecurity awareness videos. These videos have not been proven to reduce human error on a sustainable basis, and have instead increased workplace frustration and decreased staff morale.

Let's face it: eliminating human error entirely is impossible.

People make mistakes and will continue to do so. For lasting behavioural change, individuals need to understand their "why," and the information must be presented in a way that aligns with their worldview.

Too often, trainers and vendors speak inside out, putting cybersecurity at the forefront, instead of putting the needs of the employees first within the cybersecurity context and the risk it represents to their core values, to their needs, and to their personal sense of safety and security.

Social engineering—essentially the psychological manipulation of people into performing actions or divulging confidential information—remains a prevalent tactic because it preys on our natural tendencies and emotions.

Often, the weakest link isn't the technology itself but the people using it. Underestimating the risk posed by human factors is a pain point that many organizations grapple with, and this risk is only increasing. Yet, I resist labelling humans as “the weakest link,” despite this reality, because words and language matter.

How are you going to motivate your workforce to take accountability for their online actions and the potential impacts on data integrity if you fundamentally view them as a problem—a pebble in your shoe to get rid of as quickly as possible?

Fear is another consideration. Traditional leadership styles often use the carrot-and-stick approach to enforce cybersecurity policies, thinking it will make people comply.

However, such approaches are insufficient for sustainable behavioural change. Instead of motivating employees, these tactics can instill fear and stress, making them even more susceptible to mistakes.

In Jessica Barker MBE PhD 's insightful article, she explains that appealing to fear may work for short-term compliance but fails to yield long-term progress.

Research supports this, showing that stress and fear impair cognitive functions, leading to decreased vigilance and increased vulnerability. According to the American Psychological Association, chronic stress can hinder problem-solving abilities and increase errors in decision-making (APA, 2018). This creates an environment ripe for cyber threats to exploit human weaknesses.

Integrating Emotional Intelligence for Enhanced Resilience

How can we address this escalating risk? Part of the solution lies in integrating emotional intelligence (EQ) into the core of your organization—culturally, in leadership, and in everyday behaviors.

Emotional intelligence, in essence, is about understanding, managing, and validating our emotions. Imagine emotions as children in the backseat of a car—you can’t put them in the driver’s seat, but you can’t shove them in the trunk either. Keeping them in sight allows you to validate and manage them, while you, as the leader, maintain control over the direction.

When we look at the human factor risk, reducing it must be based on three pillars: culture, leadership, and behavioural transformation or change management programs.

Pillar Number One: Cultural Dimension – Building a Resilient Organizational Culture

A culture that values emotional intelligence fosters an environment where employees feel understood, valued, and engaged. Promoting emotional openness and empathy builds a supportive and collaborative workplace. This strengthens team cohesion and cultivates trust—elements essential for effective incident response and recovery.

When employees trust one another and communicate openly, they are more likely to report suspicious activities, share crucial information promptly, and work together to mitigate threats. This collective vigilance strengthens your organization’s resilience against cyber threats.

Leadership Dimension: EQ-Driven Leadership in Crisis

In times of crisis, leadership sets the tone for the entire organization. Leaders who utilize emotional intelligence can guide their teams more effectively through recovery processes. Transparent and empathetic communication reduces fear and stress, enabling employees to focus on solutions rather than problems. Building this capacity as a day-to-day leadership skill allows it to become second nature, crisis or not.

Consider a scenario where a cyber incident occurs. A leader who addresses the team with honesty and empathy acknowledges their concerns, provides clear guidance, and fosters a solution-oriented mindset. This EQ-driven approach not only resolves the immediate crisis but also reinforces the team's confidence and trust in leadership.

Behavioural Dimension: Adaptive Learning and Growth

Teams with high emotional intelligence levels are better equipped to adapt and learn from cyber incidents. They are more capable of managing emotional discomfort in unfamiliar scenarios, pressure, and high-stakes environments. They respond proactively to challenges, viewing setbacks as opportunities for growth and exhibiting resilience in adversity. By incorporating emotional feedback loops, organizations can refine their cybersecurity practices, making them more effective and adaptive over time.

Integrating emotional intelligence with technological strategies creates a holistic defense strategy, breaking down silos and eliminating organizational blindness. This synergy builds organizational resilience at every level—cultural, leadership, and behavioral. It’s not just about preventing breaches but also about fostering an environment where the entire team is engaged in safeguarding the organization’s assets.

Take the Next Step Towards True Resilience

Ready to transform your organization's cyber resilience by integrating emotional intelligence strategies? Let’s talk about how we can help you achieve this desired outcome.

Schedule a call with me today to discover how safety as a service, enriched with emotional intelligence and resiliency strategies, can strengthen your human shield on your digitization journey, ensuring data integrity and security—foundations of trust with your customers.

Looking Ahead

Stay tuned for next week's discussion, where we’ll dive into the readiness phase and explore how building human agility can further reduce risks!