Sophos, a global leader in innovating and delivering cybersecurity as a service, released the findings of its fourth “The Future of Cybersecurity in Asia Pacific and Japan” report in collaboration with Tech Research Asia (TRA). The report found that 94% of respondents in cybersecurity and IT roles in the Philippines are impacted by burnout and fatigue, the highest among the markets surveyed. Across the region, an average of 90% of respondents in cybersecurity and IT roles are impacted by burnout and fatigue.

The study revealed that burnout is felt across almost all aspects of cybersecurity operations, with 88% of respondents in the Philippines saying that feelings of burnout increased in the last 12 months with 36% saying that this burnout makes them “less diligent” in their cybersecurity roles; 11% of respondents identified that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach and 19% of companies experienced slower than average response times to cybersecurity incidents. Companies in the Philippines were the most impacted by lost productivity.

Causes of cybersecurity burnout and fatigue

The five leading causes of cyber burnout and fatigue in the report include:

1. A lack of resources available to support cybersecurity activities
2. The routine aspects of the role, which create a feeling of monotony
3. An increased level of pressure from board and/or executive management
4. Persistent alert overload from tools and systems
5. Increase in threat activity and the adoption of new technologies that foster a more challenging, always-on environment.

The impact of burnout and fatigue on cybersecurity employees

The study revealed that in the Philippines:

• 36% felt they were not diligent enough in their performance
• 36% felt heightened levels of anxiety if subject to a breach or attack
• 23% experienced feelings of cynicism, detachment, and apathy toward cybersecurity activities and their responsibilities
• 17% of resignations were a result of stress and burnout

“When organisations struggle with cybersecurity skills shortages, and an increasingly complex cyberattack environment, employee stability and performance are critical for providing a solid defense for the business. Burnout and fatigue are undermining these areas, and organisations need to step up to provide the right support to employees, especially when, according to our research, 11% of respondents identified that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach,” said Aaron Bugal, field CTO at Sophos.

“This Sophos and TRA report provides timely insight into organisational cyber stress and demonstrates that things must change. Although there’s no simple fix, an attitude adjustment would go a long way to defining the right expectations for evolving into a cyber-resilient business. Boards and executive committees must drive change and demand responsibility from their deputised charges for better governance around cyber approaches. However, they need to clearly articulate their accountability in developing and maintaining a plan because cybersecurity is now a perpetually interactive sport – and there needs to be a team that provides adequate coverage around the clock.”

About this research

Sophos commissioned Tech Research Asia (TRA) to research the Asia Pacific and Japan cybersecurity landscape, which included a major quantitative component with a total of 919 responses captured from Australia (204 companies), India (202), Japan (204), Malaysia (104), The Philippines (103) and Singapore (102).

About Sophos

Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organizations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organizations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully-managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.