Intelligent CISO Issue 98 | Page 26

Human error is not random; it is a predictable response, particularly in high-pressure situations. The challenge is that while the technical and engineering layers have been extensively developed, the human element is often overlooked. People are simply expected to cope, especially in cybersecurity.
Coming from a background in defence, aviation and rail – industries where working under pressure is the norm – the contrast is clear. In those fields, professionals such as the military, police, firefighters and paramedics are trained not only in technical skills but also in how to manage pressure. In cybersecurity, by comparison, the focus has largely been on technical training, with the expectation that individuals will handle whatever comes their way.
As one industry peer recently put it, cybersecurity defences are effectively like a fifth or sixth emergency service. Yet they are not always recognised or supported in the same way. This highlights a gap in training and support for those working in cyberdefence.
Why should confidence be treated as a measurable performance capability rather than a soft skill in cybersecurity?
Confidence is a particularly interesting factor because the brain functions differently under pressure. It is also an inherently emotional experience. Individuals are aware that they are responsible for the consequences of their decisions, and there can be concerns about job security. Cybersecurity teams are often viewed as being at fault if something goes wrong, which can undermine confidence and, in turn, affect decision-making.
Confidence is not simply a matter of personality or experience. When it is present, it can support faster decision-making and reinforce trust in those decisions. Conversely, a lack of confidence can lead to hesitation, delays and slower escalation.
However, too much confidence can be just as problematic. It may result in individuals rushing ahead and committing to the wrong course of action. Confidence, therefore, is closely linked to emotional regulation and can shift in either direction depending on how well that is managed.
What is needed is a calibrated level of confidence. Research shows that when individuals are taught how to manage stress, pressure and their emotional responses, their confidence improves in a more balanced way. Those who struggle with emotional regulation are more likely to swing between overconfidence and underconfidence, both of which can hinder effective decision-making.
Ultimately, confidence is not about being certain, but about remaining capable of making decisions under pressure.
What does true cognitive readiness look like for CISO teams facing high-pressure cyberincidents?
I see cognitive readiness as a defence strategy. As I mentioned earlier, I think we underestimate the impact that this environment has on the people working within it.
Cognitive readiness is about maintaining composure under pressure and being able to use adaptive thinking, adjusting your thinking style depending on the situation. It also involves building strong relationships and trust, because friction is inevitable when people are under pressure and working with different priorities. It is about being able to adjust in real time as situations unfold.
When teams are cognitively ready in these areas, they can make decisions without waiting for perfect information. They can update their assessments as new evidence comes in and align the different people involved in a cybersecurity response, including IT, legal and leadership. It is also about escalating based on risk rather than certainty, and being comfortable with that. As the saying goes in a VUCA environment, you have to be comfortable with being uncomfortable, and that is very true.
Technology will help detect incidents, but cognitive readiness determines how well organisations respond to them. This applies not only during the incident itself but also in the recovery phase.
In recent conversations with CISOs, many have highlighted that particularly difficult incidents can affect how teams approach the next one. If an organisation has gone through something especially challenging, it can leave people in a difficult place mentally going into the next incident. And there will always be a next one. It is no longer a question of if, but when.
For those who have experienced several major incidents over recent years, the pressure is cumulative. This is why burnout is becoming more common in the industry. These experiences build up over time and inevitably influence how the next incident is perceived and handled.