The fifth edition of the Sophos report, "The Future of Cybersecurity in Asia Pacific and Japan (APJ)," reveals alarming trends in cybersecurity burnout across the region.
The report indicates that 86% of organisations are experiencing burnout, a slight increase from 85% in 2024. This rise is attributed to escalating threat activity, resource shortages, and complex compliance requirements.
The report presents a dual impact of artificial intelligence (AI) within the cybersecurity landscape. While AI-powered security tools are helping to alleviate some burdens, the rise of "shadow AI"—unauthorised AI applications used by employees—is complicating efforts to maintain security.
“The triad of increased threats, regulatory demands, and limited resources is making cybersecurity unsustainable for many teams,” said Aaron Bugal, field CTO for APJ at Sophos.
He opines that cybersecurity stress and burnout are more than just operational concerns; they represent cultural, strategic, and deeply human challenges.
Thoughtfully deployed AI tools can provide relief by scaling operational capability and enabling faster incident response, but shadow AI poses new risks that many organisations are not prepared for.”
Key insights from the report include:
- Shadow AI Risks: 46% of organisations reported the use of unauthorised AI tools, despite 72% having formal AI usage policies. Alarmingly, 12% of respondents are unaware if shadow AI applications exist within their organisation.
- Burnout Intensifies: Employees are losing an average of 4.6 hours per week due to stress and fatigue, reflecting a 12% increase from the previous year.
- Budget Increases: 85% of organisations plan to boost their cybersecurity budgets in the coming year, with 24% intending to increase spending by over 10%.
- Regulatory Challenges: While 83% face regulatory requirements, 56% believe these enhance their resilience and security strategy.
The report underscores that cybersecurity burnout is a business issue, affecting productivity, incident response, and employee retention. Notably, 31% of companies confirmed that burnout contributed to a security breach.
The promise of AI in cybersecurity is significant, with 56% of respondents using AI-augmented tools reporting reduced stress and faster incident triage.
However, the prevalence of shadow AI remains a top concern, particularly in countries like India (62%), Singapore (60%), and Japan (47%).
These findings highlight the urgent need for robust AI governance frameworks to define policy and enforce oversight as AI continues to become integral to business operations.