Cybersecurity burnout hits APAC firms, with lack of resources the key challenge

Almost all cybersecurity professionals in the region are experiencing adverse effects from burnout, including lost productivity and breaches.
Written by Eileen Yu, Senior Contributing Editor
Cybersecurity lock
Andriy Onufriyenko/Getty Images

Some 90% of cybersecurity and IT employees across six Asia-Pacific markets are experiencing adverse effects from burnout and fatigue, with a lack of resources being the key challenge these organizations face. 

Burnout is leading to lost productivity and data breaches, according to research released by Sophos. Conducted by Tech Research Asia, the study includes an online poll of 919 cybersecurity and IT professionals in Australia, India, Japan, Malaysia, Singapore, and the Philippines.

Also: The best VPN services (and how to choose the right one for you)

Japan experienced the lowest level of burnout, at 69%, while the other five markets clocked greater than 80%. A regional average of 85% observed fatigue and burnout among their cybersecurity and IT professionals. 

Some 90% of respondents said the level of burnout had spiked during the past 12 months, with India and Japan noticing a "significant" increase in fatigue and burnout in the past year at 48% and 38%, respectively. 

Also: Why IT growth is only leading to more burnout, and what should be done 

Asked about the impact on their business operations, respondents said burnout resulted in a productivity loss of 4.1 hours per week, with the Philippines averaging the highest rate at 4.6 hours a week, followed by Singapore at 4.2 hours a week. India and Japan appeared the least affected at 3.6 hours a week each. 

Some 17% of professionals across the region said fatigue and burnout had contributed or was directly responsible for a cybersecurity breach in their organization. This figure was highest in India at 25%, followed by Singapore at 23%, Malaysia at 21%, and Australia and 19%. 

Another 17% of professionals in Asia-Pacific said burnout had led to slower response times to cybersecurity incidents, with organizations in India and Malaysia experiencing this issue the most at 22% each. Some 20% in Singapore said likewise, as did 19% in the Philippines, and 17% in Australia. 

During feelings of burnout, 41% of respondents across the region felt they were not diligent enough in their performance, while 34% experienced higher levels of anxiety if subject to a security breach or attack. Another 30% expressed a desire to resign or change career, with 23% revealing they had acted on this feeling and resigned. 

Also: The best VPN services for iPhone and iPad (yes, you need to use one)

Asked about the main cause of cyber burnout, respondents pointed to a lack of available resources for cybersecurity activities, with key concerns including staff shortages, budget restrictions, and limited third-party support. Professionals also cited challenges related to the monotony of routine tasks and increased pressures from their board or management team, as these executives face changing regulatory and legal obligations arising from cybersecurity. 

Respondents also felt overwhelmed with persistent alerts from security tools and systems, including false alarms, and an increase in threat activities amid the adoption of new technologies

Sophos' field CTO Aaron Bugal said: "At a time when organizations are struggling with cybersecurity skills shortages and an increasingly complex cyberattack environment, employee stability and performance are critical for providing a solid defence for the business. Burnout and fatigue are undermining these areas and organizations need to step up to provide the right support to employees."

Bugal continued: "Boards and executive committees need to drive change and demand responsibility from their deputized charges, in essence, for better governance around cyber approaches. However, they need to clearly articulate their accountability in developing and maintaining a plan because cybersecurity is now a perpetually interactive sport -- and there needs to be a team that provides adequate coverage around the clock."

Editorial standards