Johan Dreyer, Field CTO, EMEA, at Mimecast, has been working in the IT Infrastructure, Messaging, and Security industry for over 20 years. Throughout his career, he has gained recognition as a trusted advisor, particularly in the field of IT security. Dreyer has observed a concerning trend of burnout among professionals in the cybersecurity field. He attributes this burnout to the increasing number and sophistication of cyberattacks, combined with limited resources and growing pressure on security teams to protect their organizations.
According to Dreyer, burnout is a significant challenge across the cybersecurity profession. While organizations and budgets are expanding, they may not be keeping pace with the ever-evolving threat landscape. As a result, security teams are under immense pressure to safeguard their organizations from attacks. This pressure is felt both in the vendor world, where companies are responsible for protecting their customers, and within internal IT security teams, who are tasked with defending their own organizations and employees.
One crucial aspect that Dreyer highlights is the role of leaders in addressing burnout and promoting wellbeing in the cybersecurity industry. He emphasizes the influence of leadership on the culture of an organization. If leaders prioritize wellbeing and invest in programs such as Employee Assistance programs, wellness seminars, and social activities, it becomes part of the organization’s culture. This proactive approach helps recognize and alleviate the pressures faced by staff and employees in their day-to-day operations.
Mimecast, as a company focused on protecting data, communications, and people, also prioritizes employee wellbeing. In addition to providing tools and technology to detect, prevent, and respond to cyberattacks, Mimecast invests time and resources into their Employee Assistance program. This program offers professional help and support from an independent third party for employees feeling overwhelmed or under pressure.
An issue that often arises in the cybersecurity field is the presence of a blame culture. When a cyber incident occurs, there is a tendency to place blame rather than encourage open communication and learning from mistakes. Dreyer believes it is essential to foster an environment where employees are encouraged to speak up, seek support, and support each other. By promoting openness and minimizing the fear of blame, organizations can create a culture of continuous learning and improvement.
A recent report by Mimecast, titled “Mimecast State of Ransomware Readiness 2022,” shed light on the increasing stress levels faced by professionals in the cybersecurity field. The report revealed that 58% of professionals feel their role is becoming more stressful each year. Additionally, 42% of professionals are considering leaving their roles within the next two years due to stress and burnout.
Dreyer expresses concern about the wellbeing of cybersecurity teams and the need for organizations to measure their resilience against cyberattacks. He advocates for implementing systems that assess organizational preparedness and the ability to handle potential cyber incidents. By acknowledging and addressing these scenarios, organizations can alleviate some of the burdens felt by individuals and teams.
Looking towards the future of cybersecurity, Dreyer emphasizes the need for change and adaptation. He believes that a static approach cannot exist since adversaries will continually develop new techniques, tools, and approaches to achieve their goals. The cybersecurity industry must innovate and evolve alongside adversaries to detect, block, and respond to attacks effectively.
To prevent burnout, Dreyer offers the analogy of airline safety protocols: putting the safety mask on yourself before assisting others. This reminder suggests that individuals must prioritize their own well-being before effectively supporting others in demanding roles.
As the industry learns from leaders like Johan Dreyer and organizations like Mimecast, it is becoming increasingly clear that addressing burnout, promoting wellbeing, and fostering a resilient cybersecurity culture are critical for the future of the industry. Only by investing in the well-being of cybersecurity professionals and creating supportive and adaptable environments can organizations combat the evolving landscape of cyber threats and keep their data, communications, and people safe.