The Misalignment of “Emergency” & “Crisis” Between Mental Health and Cyber Incident Response

Vasilis Katos, 19.3.2025

When developing Cyber First Aid, a key initial challenge was that the mental health and cybersecurity domains define “emergency” and “crisis” in conflicting ways.

Divergent Definitions, Divergent Responses

The St. John Ambulance Mental Health Reference Guide defines a mental health emergency as an immediate risk to life (e.g., suicide attempts, violence), requiring urgent intervention. A crisis, meanwhile, involves severe distress (e.g., panic attacks, psychosis) that demands professional support but does not necessarily require emergency services. This distinction ensures responders prioritise actions: emergencies trigger 999 calls, while crises require de-escalation and referrals.

In cybersecurity, where usage follows risk assessment and disaster recovery frameworks, “emergency” and “crisis” imply the opposite order of priority and severity. For example, a single infected workstation might be classified as an emergency, while a crisis would involve a ransomware attack encrypting company-wide systems.

Without standardised definitions, organisations risk misallocating resources—delaying containment or overreacting to non-critical events.


Why This Misalignment Matters

1. Resource Allocation:

  • Mental health frameworks prioritise urgency: emergencies trigger ambulances; crises mobilise counsellors.
  • In cybersecurity, mislabelling incidents can lead to inconsistent responses. Declaring a “crisis” too late might allow a manageable threat to escalate into a full-blown emergency (e.g., undetected ransomware spreading). Conversely, overusing “emergency” for minor incidents breeds complacency.

2. Communication Gaps:

  • Mental health first aiders are trained to distinguish between stages (e.g., “reacting” vs. “ill”).
  • Cybersecurity teams often lack analogous frameworks, resulting in fragmented communication between technical staff, executives, and legal teams.

3. Human Cost:

  • Cyber incidents increasingly impact mental health. Employees facing breach-related stress may enter a mental health crisis, yet organisations rarely integrate psychological support into cyber response plans.

Bridging the Divide: The Cyber First Aid Approach

In Cyber First Aid, the distinction between emergency and crisis boils down to one key question:

“Is there a playbook to handle the cyber incident?”

  • If the answer is “Yes”, then we are dealing with an emergency—it’s an expected scenario with a predefined response.
  • If the answer is “No”, then we have a crisis—the situation is novel, unanticipated, and requires strategic decision-making rather than routine action.

This redefinition aligns cyber incident response with mental health models, ensuring structured, proportional responses that account for both technical and psychological impacts.


Join Us for a Cyber First Aid Event!

Want to explore these ideas further? Cyber Innovations Ltd. is hosting a Special Cyber First Aid Basic event in collaboration with Jason Cobine from Cobine Carmelson.

📅 Date: Friday, 23rd May 2025
📍 Location: Bournemouth University’s Executive Business Centre (EBC), 7th floor, Lansdowne Campus
Time: 10:00 AM – 3:00 PM

This session is perfect for businesses looking to improve their cyber resilience while understanding the human factors in cyber incident response. Secure your spot now—places are limited!

For more details, get in touch at info@cyberinnovations.co.uk.
