Many burned-out cybersecurity professionals in the Asia-Pacific region have suffered in silence for years. However, a growing body of research in the region, including a recent report by cybersecurity firm Sophos, is drawing attention to the scope, causes, and impact of the problem.
Sophos' report, The Future of Cybersecurity in Asia Pacific and Japan, found that burnout and fatigue are widespread, with 9 out of 10 employees affected in some way. Causes include lack of resources and vigilance fatigue, which often leads to anxiety and demotivation among employees.
Organizations surveyed in the report found that burnout and fatigue are contributing to decreased team productivity, some successful cyberattacks, and employees choosing to look for new roles or leave the industry altogether. I admit that it is. AI is mentioned as one of the things that may be supported in the future.
Cyber professional burnout is a long-known problem in the Asia-Pacific region
Burnout in cybersecurity is a well-known problem. Commonwealth Bank of Australia director of defense affairs Andrew Pade said since he moved into cyber security at the Reserve Bank of Australia more than 20 years ago, many colleagues had quit due to burnout.
See: Ransomware isn't just affecting data, it's also affecting the mental and physical health of IT professionals.
Recent studies in Australia and New Zealand provide evidence of this problem.
- A 2023 survey of 119 Australian cyber professionals conducted by Cybermindz and the University of Adelaide found that these workers had higher burnout scores than the general population and, in some cases, frontline healthcare workers. It was found that this exceeds the burnout syndrome faced by many people.
- Mimecast's State of Ransomware Readiness report found that more than half (54%) of Australian cybersecurity professionals admit that cyber-attacks have a negative impact on their mental health, compared to almost a quarter (22%) was considering leaving his current position.
- Racework research released in 2022 suggested a larger proportion of Australian cyber professionals (57%) are looking for a new employer or considering leaving the industry. 87% of people who wanted to leave the industry cited burnout due to workload.
Cybersecurity burnout used to be hidden
Jinan Budge, head of security and risk research for Asia Pacific at Forrester, said burnout in cybersecurity was discussed in “quiet, cautious whispers” until 2018, but further research publications are bringing it closer to regional organizations. He writes that the debate has increased.
Sophos research finds the problem is widespread and growing
The Future of Cybersecurity in Asia Pacific and Japan study conducted by Technology Research Asia for Sophos found that cybersecurity burnout and fatigue are prevalent in the region. It turns out that this problem will not get better by 2024, but will get worse.
- The study found that 85% of companies are experiencing fatigue and burnout among their cyber and IT professionals. 23% experienced this problem “often” and 62% “sometimes” (Diagram A).
- Nine out of 10 (90%) companies said burnout and fatigue had increased in the past 12 months, with 30% saying the rate had increased “significantly.”
- When surveyed and directly responded to by employees, 90% of cyber and IT employees in Asia Pacific said they were negatively impacted by burnout and fatigue.
India is the most affected by burnout among countries in the APAC region
Burnout and fatigue are most prevalent in India, with 37% of organizations saying their employees experience the problem 'often', compared to the regional average of 23%. . India also had the highest “significant” increase in burnout and fatigue in the past year (48%).
Top causes of burnout in cybersecurity professionals in Asia Pacific
According to a Sophos report, there are five main causes of burnout in the region (Diagram B):
- There are insufficient resources available to support cybersecurity activities and staff.
- A combination of monotonous daily routines and challenging activities.
- Increased pressure from local boards and management.
- Warns of overload from various cyber technology tools and systems.
- Increased threat activity creating an “always on” environment.
Burnout affects individuals and organizations
When burnout occurs, both cybersecurity employees and organizations are at risk. The Sophos report notes that workforce stability and performance are critical to protecting organizations as cyber skills become scarce and the threat environment becomes increasingly complex.
Burnout issues reduce personal cybersecurity performance
Burnout and fatigue can cause people to feel a strong mix of guilt, apathy, apathy, and anxiety. For example, Sophos found that 41% of burnt-out professionals feel they are not diligent enough in their performance, and 34% say their anxiety levels would be lower if they were exposed to a breach or attack. I have discovered that I feel heightened.
Premium: Download Tips to Avoid IT Burnout.
Additionally, 31% said they felt cynical, isolated, and uninterested in their cyber activities and jobs, and 30% said they wanted to quit or change jobs due to burnout and fatigue. Additionally, 10% felt guilty about not being able to do more to support cybersecurity efforts.
Employers face decreased productivity, increased violations, and increased turnover
Individual performance issues pose a risk to the employer. Sophos found the following key impacts:
- Cyber and IT professionals lose 4.1 hours per week to burnout and fatigue. The Philippines and Singapore suffered the worst regional productivity losses due to this problem, losing 4.6 and 4.2 hours per week, respectively.
- Cybersecurity burnout or fatigue was found to be contributing to or a direct cause of cybersecurity breaches in 17% of organizations. In addition, 17% said this issue caused delays in their response time to security incidents.
- Approximately 23% of cybersecurity turnover is attributed by organizations to burnout and fatigue. In Singapore, 38% of resignations were attributed to this issue, and 28% of organizations in Malaysia had to 'move' staff due to stress and burnout.
Employers responding to cybersecurity burnout
Sophos research shows that, overall, employers are not ignoring the growing problem of burnout. Across the region, 71% of companies surveyed said they have implemented and actively offer stress counseling support services for IT and cybersecurity professionals.
See also: How CBA is managing cyber security in the age of “infinite signals.”
This does not mean that organizational culture always has the attitude to deal with problems. In Australia, only 40% of employees who raised an issue with their employer received a positive response, compared to 83% of employees in India and 73% in Malaysia.
Technology may have a role to play in combating occupational burnout
A Sophos research report states that despite vigilance fatigue, technology has a strong role to play in the future. The report suggests that improved automation and the use of a rapidly growing array of artificial intelligence cybersecurity solutions could help alleviate some aspects of the causes of burnout. Masu.
Sophos has concluded that fatigue and burnout are significant issues that are negatively impacting workforce and business performance in Asia Pacific.
“Decreased focus and increased levels of vulnerability, as well as increased turnover among cybersecurity and IT employees, are real problems for many organizations,” the report states.