News & Insights

The Misalignment of “Emergency” & “Crisis” Between Mental Health and Cyber Incident Response

19th March 2025
Professor Vasilis Katos
CTO and Co-Founder, Cyber Innovations
Read more articles

Divergent Definitions, Divergent Responses

The St. John Ambulance Mental Health Reference Guide defines a mental health emergency as an immediate risk to life (e.g., suicide attempts, violence), requiring urgent intervention. A crisis, meanwhile, involves severe distress (e.g., panic attacks, psychosis) that demands professional support but does not necessarily require emergency services. This distinction ensures responders prioritise actions: emergencies trigger 999 calls, while crises require de-escalation and referrals.

In cybersecurity, following risk assessment and disaster recovery frameworks, “emergency” and “crisis” suggest the opposite prioritisation and severity. For example, a single infected workstation might be classified as an emergency, while a crisis would involve a ransomware attack encrypting company-wide systems.

Without standardised definitions, organisations risk misallocating resources—delaying containment or overreacting to non-critical events.

Why This Misalignment Matters

1. Resource Allocation:

  • Mental health frameworks prioritise urgency: emergencies trigger ambulances; crises mobilise counsellors.
  • In cybersecurity, mislabelling incidents can lead to inconsistent responses. Declaring a “crisis” too late might allow a manageable threat to escalate into a full-blown emergency (e.g., undetected ransomware spreading). Conversely, overusing “emergency” for minor incidents breeds complacency.

2. Communication Gaps:

  • Mental health first aiders are trained to distinguish between stages (e.g., “reacting” vs. “ill”).
  • Cybersecurity teams often lack analogous frameworks, resulting in fragmented communication between technical staff, executives, and legal teams.

3. Human Cost:

  • Cyber incidents increasingly impact mental health. Employees facing breach-related stress may enter a mental health crisis, yet organisations rarely integrate psychological support into cyber response plans.

Bridging the Divide: The Cyber First Aid Approach

In Cyber First Aid, the distinction between emergency and crisis boils down to one key question:

“Is there a playbook to handle the cyber incident?”

  • If the answer is “Yes”, then we are dealing with an emergency—it’s an expected scenario with a predefined response.
  • If the answer is “No”, then we have a crisis—the situation is novel, unanticipated, and requires strategic decision-making rather than routine action.

This redefinition aligns cyber incident response with mental health models, ensuring structured, proportional responses that account for both technical and psychological impacts.

Browse our Research & Innovation
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. Read our full Privacy Policy.