A MAJORITY of cybersecurity and IT roles in the Philippines are “impacted by burnout and fatigue,” the highest among the markets surveyed by cybersecurity firm Sophos.
According to Sophos’s latest report titled, “The Future of Cybersecurity in Asia Pacific and Japan,” 94 percent of Philippine-based cybersecurity and IT experts felt burnout across almost all aspects of cybersecurity operations, with 88 percent of respondents in the Philippines saying that feelings of burnout increased in the last 12 months.
Another 36 percent said that this burnout makes them “less diligent” in their cybersecurity roles.
Sophos further found that 11 percent of respondents admit that the burnout or fatigue “contributed to, or was directly responsible for, a cybersecurity breach and 19 percent of companies experienced slower than average response times to cybersecurity incidents.” Across the region, an average of 90 percent of respondents in cybersecurity and IT roles are impacted by burnout and fatigue.
Furthermore, Sophos found that the five leading causes of cyber burnout and fatigue are: A lack of resources available to support cybersecurity activities; the routine aspects of the role, which create a feeling of monotony; an increased level of pressure from board and/or executive management; persistent alert overload from tools and systems; and increase in threat activity and the adoption of new technologies that foster a more challenging, always-on environment.
“When organizations struggle with cybersecurity skills shortages, and an increasingly complex cyberattack environment, employee stability and performance are critical for providing a solid defense for the business. Burnout and fatigue are undermining these areas, and organisations need to step up to provide the right support to employees, especially when, according to our research, 11 percent of respondents identified that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach,” said Aaron Bugal, field CTO at Sophos.
And given that experts felt cyber burnout and fatigue, organizations also had slower response times to cybersecurity incidents, lost productivity, and mass resignations.
“Although there’s no simple fix, an attitude adjustment would go a long way to defining the right expectations for evolving into a cyber-resilient business. Boards and executive committees must drive change and demand responsibility from their deputised charges for better governance around cyber approaches. However, they need to clearly articulate their accountability in developing and maintaining a plan because cybersecurity is now a perpetually interactive sport —and there needs to be a team that provides adequate coverage around the clock,” Bugal said.
Image credits: AP/Jenny Kane