Introduction: why cyber crisis management is above all a human issue
Cyberattacks are multiplying and are now affecting the entire socio-economic fabric: operators of vital importance, health establishments, agri-food industries, local authorities, public services, etc. No one is spared. In France, the French National Agency for the Security of Information Systems (ANSSI) recorded 4,386 security events in 2024, an increase of 15% compared to 2023. Of these,
Crisis management is not limited to activating technical protocols or neutralizing malware. It is based above all on human decisions. These decisions must be made in an environment of high uncertainty, with a massive influx of information to process, under stress and with intense time pressure: these pitfalls are accentuated in the event of a lack of anticipation and preparation. These are all factors that, as the scientific literature shows, greatly complicate decision-making.
Surprisingly, while decision-making in critical situations has been the subject of much research in emergency medicine, aviation and humanitarian crisis management, few studies have focused specifically on the cyber crisis.
However, this field has a singularity: the intangibility of threats and impacts. As long as an attack goes undetected, its consequences remain invisible, making it more difficult to make quick and informed decisions. These crises have their own characteristics that clearly distinguish them from other types of crises [1]:
- Their dazzling speed and ubiquity cause immediate and simultaneous impacts on multiple perimeters of the organization;
- The uncertainty linked to the immateriality of the attack makes it difficult to understand the situation, while its scalability requires constant adaptation by response teams;
- The intrinsic technicality of attacks also makes their analysis difficult for non-specialist decision-makers to understand.
- These crises are also characterized by their rapid spread, both internal and external, and by an elasticity of crisis time: some episodes resolve within a few hours, while others extend over months.
- The overall duration of the crisis is not limited to the technical phase; it also includes judicial, regulatory and reputational consequences, which extend the pressure well beyond the initial incident.
This is why there is an urgent need to better understand how decision-makers construct their representation of a cyber crisis and why they can be trapped by the way they process information.
Cognitive psychology: understanding how humans process information
To explore this question scientifically, we must turn to the psychological sciences, and in particular to cognitive psychology.
A subfield of psychology, this discipline is concerned with the way individuals process information, from the simplest sensory perception to the most complex reasoning. Since the 1950s, researchers have studied the processes that allow humans to operate in their environment: perception, attention, memory, reasoning, decision-making.
Today, cognitive psychology offers a valuable body of knowledge for understanding phenomena that may seem intuitive, but that profoundly influence our relationship with the world. Among these concepts, some are now known to the general public, such as cognitive biases [2]: confirmation bias, which pushes us to favor information that reinforces our beliefs, or anchoring bias, which influences our judgments based on the first information received.
The interest of this discipline is therefore not limited to a theoretical curiosity: it offers a rigorous analytical framework and tools to decipher the mental mechanisms at work in complex situations.
Applications of cognitive psychology to cyber crisis management
Cognitive psychology has already shown its usefulness in operational contexts where decisions must be made quickly and accurately.
- In emergency medicine, the study of mental load and diagnostic biases has made it possible to design protocols and decision-making tools to avoid errors in situations of high pressure.
- In aviation, the analysis of attentional processes has led to the development of checklists and training courses intended to better distribute the attention of pilots, thus reducing accidents related to human error.
- In humanitarian and natural disaster management, understanding decision heuristics has helped to improve relief coordination.
Transposed to the cyber field, cognitive psychology makes it possible to:
- Understand how the actors of a crisis unit prioritize and filter information within a massive and often contradictory flow.
- Analyze the influence of cognitive biases on situational awareness [3] and strategic choices.
- Assess the impact of stress and mental load on individual and collective performance.
The challenge is clear: to develop tools, training and methodologies capable of compensating for human cognitive limitations to support optimal decision-making, even in the chaos of a sophisticated cyberattack.
The added value of the joint work between Alcyconie and the CLLE laboratory
To meet these challenges, Alcyconie launched a CIFRE (Industrial Convention for Training through Research) thesis in 2025 in partnership with the Cognition, Languages, Language, Ergonomics laboratory (CLLE – CNRS UMR 5263) and has hired a PhD student who is dedicated to this research. Evaluated by researchers specializing in the field, the project thus benefits from recognized scientific relevance and solidity.
This thesis, entitled “Reasoning and situational awareness on decision-making in cyber crisis management: factors involved and proposed solutions”, aims to fill the gap in scientific knowledge on the specificity of issues related to reasoning (cognitive bias) and situational awareness relating to the human factor in a cyber context.
National recognition: France 2030 winner
The innovative nature of this project was recognized by a jury of particularly demanding experts: Alcyconie is the winner of France 2030 for this research program. This distinction confirms the relevance and excellence of the project, which is fully in line with:
- the National Strategic Review, which emphasizes the need to strengthen the resilience of organizations to hybrid threats,
- and the National Cyber Strategy, which emphasizes innovation, technological sovereignty and the consideration of the human factor in cybersecurity.
Being a France 2030 laureate is a double recognition: that of the scientific potential of the research carried out, but also of its strategic dimension for national security.
Main objectives:
- Identify the influence of cognitive biases (confirmation, anchoring, etc.) on decision-making while observing whether they can also influence the situational awareness of decision-makers.
- Observe the cognitive mechanisms at work within crisis management teams.
- Test the effectiveness of methods from cognitive psychology to improve the quality of decisions under constraint.
- Propose operational methodologies to help players keep a cool head and optimize their choices, even under pressure.
A collaboration with high added value
- For academic research, it opens up a new field by exploring the cognitive specificities of cyber crises, which are still little studied in real situations.
- For client organizations, it means more robust preparedness systems designed to anticipate human vulnerabilities and build collective resilience.
- For Alcyconie, this research guarantees a rapid transfer of scientific results to its operational activities: training and crisis simulations.
Conclusion
Cyber crisis management cannot be reduced to a technical problem. It is profoundly human, rooted in the cognitive mechanisms that govern our decisions under stress, uncertainty and information overload. By mobilizing cognitive psychology, and thanks to the collaboration between Alcyconie and the CLLE laboratory, it becomes possible to provide concrete solutions to these challenges.
The fact that Alcyconie is a France 2030 laureate and confirms a CIFRE thesis project demonstrates both the scientific quality of the project and its strategic importance for France, in line with the National Strategic Review and the National Cyber Strategy.
Beyond the alarming figures, it is by understanding and strengthening the human factor that organizations will be able to face tomorrow’s cyber crises with greater resilience and efficiency.
[1] Guide “Cyber crisis, the keys to operational and strategic management” – ANSSI
[2] In scientific research, cognitive biases are considered to be “shortcuts of thought” that lead us to produce errors in our reasoning.
[3] This notion refers to the ability of individuals to perceive information in their environment, understand it and be able to project themselves into the future state of the situation in order to make informed decisions.
Article written by:
Nathan VITAL – PhD student in cognitive psychology – in CIFRE at Alcyconie
Stéphanie LEDOUX – CEO Alcyconie
Consulting and support provider in information systems security (PACS) certified by ANSSI.