When a Cyberattack Becomes a Community Crisis

Why public emotion, trust, and communication matter as much as firewalls

Cyberattacks are often described as technical failures, yet anyone who has lived through a major outage or breach knows that the real shockwaves travel through people, not machines. A recent study published in Engineering, Construction and Architectural Management on the Florida water plant hack makes this point vividly clear. Paired with reporting from TechXplore’s article, “Cyberattacks can trigger societal crises, scientists warn”, the research shows that when hackers target critical infrastructure, the public experiences the event not just as a technical glitch but as a community level crisis that unfolds emotionally, socially, and politically.

The idea of societal resilience helps explain why these reactions matter. Resilience describes a community’s ability to absorb a shock, adapt to it, and return to normal functioning afterwards. As a helpful analogy, think of it as a city’s immune system. When something harmful enters the body, the immune system responds, learns, and strengthens. Societal resilience works the same way. It depends on trust, communication, and the belief that institutions can protect people when something goes wrong. When a cyberattack hits essential services like water, electricity, or transportation, it tests that immune system. If trust erodes, recovery slows, and the community becomes more vulnerable to future crises.

The Florida water plant attack in 2021 is a useful example. In February of that year, an intruder gained remote access to the Oldsmar, Florida water treatment facility. Using outdated software and weak security settings, the attacker briefly succeeded in increasing the amount of sodium hydroxide, or lye, in the water supply. In small amounts, lye helps control acidity. In large amounts, it can cause burns and serious health risks. Fortunately, a plant operator noticed the cursor moving on his screen and reversed the changes before contaminated water reached the public. The physical danger was stopped quickly, but the emotional and societal impact was only beginning.

The researchers behind the Emerald study wanted to understand how people react when a cyberattack targets something as fundamental as drinking water. Instead of focusing solely on technical vulnerabilities, they turned to social media to examine how the public processed the event in real time. They collected posts from X, formerly Twitter, during the first week after the attack. These posts ranged from disbelief and humor to fear, anger, and calls for accountability. Because the posts were naturally occurring conversations rather than responses to a survey, they offered an unfiltered look at how people actually felt and what they expected from authorities.

Social media analysis can reveal patterns that traditional crisis reports often miss. It functions like a public square where people gather to make sense of events together. In the Oldsmar case, online discussions quickly highlighted systemic weaknesses such as outdated software, poor authentication practices, and a lack of cybersecurity investment. People were not only reacting emotionally but also offering technically informed suggestions. This blend of emotion and insight is valuable because it shows how the public becomes an active participant in crisis interpretation and problem solving.

To make sense of the emotional trajectory in these posts, the researchers used the Kübler Ross model, a well-known framework originally developed to describe how people respond to grief. The model outlines five stages: denial, anger, bargaining, depression, and acceptance. Although created for end-of-life contexts, it has since been applied to many types of disruption. The researchers found that public reactions to the water plant hack followed a similar pattern. Early posts expressed disbelief or humor, which served as a buffer against the shock. As the seriousness of the incident became clearer, anger emerged, often directed at officials or system designers. Bargaining appeared in the form of suggestions, questions, and attempts to regain a sense of control. Depression surfaced as people confronted the fragility of essential systems. Finally, acceptance appeared as users began discussing long-term reforms and the need for better cybersecurity practices.

This emotional progression matters because it shapes how communities respond to crises. If officials communicate poorly or dismiss public concerns, they risk deepening anger or prolonging fear. The study shows that ignoring public sentiment undermines trust and slows recovery. Conversely, acknowledging emotions, providing clear information, and demonstrating accountability can strengthen societal resilience. The public does not expect perfection, but it does expect honesty and competence.

The researchers’ findings point to several important implications. First, cyberattacks on critical infrastructure are not just technical events. They are sociotechnical crises that unfold across emotional, institutional, and technological dimensions. Second, social media can serve as a real time feedback mechanism that helps authorities understand public concerns and adjust their communication strategies. Third, the public often identifies systemic weaknesses quickly, which means their insights can support continuous improvement if leaders are willing to listen.

The study also highlights the potential for using large language models to analyze social media sentiment during cyber incidents. This could help municipalities detect emerging concerns, identify misinformation, and respond more effectively. In other words, the same technologies that power modern AI tools can help strengthen crisis communication and public trust.

Looking ahead, the researchers recommend integrating public feedback into cybersecurity planning. This means treating social media not as noise but as a diagnostic tool. It also means adopting more human centered cybersecurity strategies that consider how people experience crises, not just how systems fail. Transparent communication, proactive risk management, and visible accountability can help communities recover more quickly and maintain confidence in essential services.

The real-world impact of this work is significant. As cyberattacks become more frequent and more sophisticated, communities will continue to face moments where digital failures threaten physical safety. The Florida case shows that even when the technical damage is prevented, the emotional and societal effects can be profound. Strengthening societal resilience requires more than better software. It requires better communication, better engagement, and a deeper understanding of how people respond when the systems they rely on suddenly feel fragile.

The path forward involves combining technical defenses with human centered strategies. Municipalities can use social media analysis to understand public reactions, improve crisis messaging, and identify vulnerabilities that matter most to citizens. Policymakers can design cybersecurity frameworks that incorporate public trust as a core component. And researchers can continue exploring how emotional patterns shape community responses to digital threats.

Cybersecurity is no longer just a technical discipline. It is a societal one. The Florida water plant hack shows that when critical infrastructure is attacked, the crisis unfolds not only in control rooms and server logs but also in the minds and emotions of the people who depend on those systems every day. Understanding that human dimension is essential for building a safer and more resilient future.