The majority of cybersec pros in Asia-Pacific report negative impacts from burnout

Feeling stressed at work? Don’t worry, so is everyone else in the cybersecurity industry.

Security firm Sophos commissioned a poll of cybersecurity professionals in the Asia-Pacific (APAC) region, finding that 85% of more than 900 respondent companies reported being impacted by burnout. Nine in ten employees said they felt negative impacts from burnout on the job.

Related findings included that 41% of respondents felt they weren’t diligent enough in their job performance, 31% felt “cynical, detached, and apathetic” toward their work, and 30% felt burnout strongly enough to want to quit or switch careers. Nearly a quarter of respondents said they had actually resigned from a previous job due to burnout.

Aaron Bugal, field CTO of Asia Pacific and Japan at Sophos, told IT Brew via email that the results show that cybersecurity burnout is a worldwide problem that isn’t being adequately discussed or addressed by leaders in the field. (Forrester analyst Jinan Budge has written that in her experience, the topic was largely ignored until at least 2018.)

“The trend here is that no matter the industry, organizational size or geographical location, cyber burnout in frontline operators, management, and those in an executive or board level position is real, and is having a negative effect on an organization’s cyber resiliency,” Bugal wrote.

The survey found that burnout had contributed to lost productivity (4.1 hours a week per person, on average), security breaches at 17% of organizations, and resignations at 23% of respondents’ enterprises throughout the region.

These figures likely won’t come as a surprise to cybersecurity pros in other regions. In 2023, a Gartner report found that almost half of cybersecurity leaders would leave their jobs by 2025, and that 25% would switch roles entirely due to stressors. Also last year, CyberArk found burnout rates of 59% among security pros in the UK, while a Mimecast survey said 56% of cybersecurity workers reported increased stress every year of their career.

According to Bugal, while the common denominator for organizations experiencing cyber burnout is lack of resources or investment in resiliency plans, the shortage of cybersecurity experts, along with executives who view security as a “sinkhole” cost center, are major exacerbating factors.

“This attitude feeds stress and exhausts cybersecurity operators’ physical, emotional, and mental capacities, which leads to their burnout,” Bugal added. “Organizations need to identify if negative attitudes exist towards their cyber goals and to quickly make adjustments.”