The study surveyed over 900 cybersecurity and IT professionals in Australia, India, Japan, Malaysia, the Philippines, and Singapore. The India portion had 202 respondents from mid to large-sized companies.
The study found that a staggering 83% of cybersecurity and IT professionals in India are affected by burnout.Even worse, 25% admitted it contributed to or directly caused a cybersecurity breach at their company.
The top causes identified include a lack of support resources, monotonous work, unreasonable management pressure, relentless alert overload, and constantly increasing threat levels from new technologies.
34% of respondents said burnout makes them less diligent in their job duties. 48% reported feeling higher anxiety about potential attacks their organization might face. 36% admitted to cynicism, detachment and apathy about their cybersecurity responsibilities. 31% of cybersecurity resignations were specifically due to excessive stress.
Productivity loss averaged a worrying 3.6 hours per employee per week. 33% of companies had experienced resignations due to burnout.
“With acute skills shortages and increasingly complex threats, employee stability is critical for defence,” said Aaron Bugal, Sophos Field CTO. “Organisations must step up mental health support and realistic work conditions, especially since burnout directly causes breaches.”
He said boards and executives need to adjust expectations around cyber resilience and provide adequate around-the-clock staffing. They also need to take responsibility for developing response plans instead of over-burdening the security team.
Experts say the shocking data proves the burnout problem needs immediate executive attention, considering the talent crunch in the field, ever-increasing workloads, and continuously evolving threats. The human aspect of cybersecurity must be prioritised both for national security and business continuity.
Policymakers need to promote programs to detect and prevent burnout, while technology vendors should look at automation to reduce repetitive tasks. But organisations must take the first step to acknowledge and address the issue before losing more of their overworked defenders.