AI adoption and threat complexity fuelling increase in cybersecurity burnout in APAC and Japan: Sophos

Shadow AI, resource shortages, and rising attack volumes put pressure security teams

Sophos, a global leader in advanced security solutions, today unveiled the 5th edition of its report The Future of Cybersecurity in Asia Pacific and Japan (APJ), produced in collaboration with Tech Research Asia (now part of Omdia). The findings reveal that cybersecurity burnout remains high across the region, with 86% of organisations surveyed experiencing issues (up from 85% in 2024) – primarily driven by increased threat activity, lack of resources, and complex compliance requirements.

The 2025 report also highlights how AI is having a two-pronged effect on cybersecurity with AI-powered security tools helping to alleviate some of the issues associated with fatigue, while shadow AI use by employees is complicating cybersecurity efforts.

“The triad of increased threats, regulatory demands, and limited resources is making cybersecurity unsustainable for many teams,” said Aaron Bugal, field chief information security officer, APJ, Sophos. “This year’s findings reinforce what we’ve observed in the field: cybersecurity stress and burnout are more than just operational concerns – they’re cultural, strategic, and deeply human challenges. AI tools, when deployed thoughtfully, can provide relief by scaling operational capability and enabling faster incident response. But the surge of shadow AI – unauthorised, unregulated AI tools being used by employees – poses new risks that many organisations are not prepared for.

"We’re witnessing a new era where security awareness must extend beyond phishing emails to include how people use and share sensitive data through AI tools. Governance and clear boundaries around AI usage are essential.”

Key insights from the report

• Shadow AI risks on the rise: 46% of organisations surveyed report the use of unauthorised AI tools, despite 72% having formal AI usage policies. Another 12% don’t know if shadow AI apps are inside their organisation.
• Burnout intensifies: Organisations lost an average of 4.6 hours per employee per week due to stress and fatigue – a 12% increase over 2024.
• Budgets remain robust: 85% of organisations plan to increase their cybersecurity budgets in the next year; 24% by over 10%.
• Regulation a double-edged sword: While 83% of surveyed organisations face regulatory requirements, 56% say these improve both resilience and security strategy.

The report reveals that cybersecurity stress is not just a tech issue – it is a business one. Burnout affects productivity, incident response, employee retention, and contributes to breaches, with 31% of companies confirming that burnout was the cause of a breach.

AI: Friend or Foe?

AI’s promise is undeniable: 56% of respondents using AI-augmented cybersecurity tools reported reduced stress and faster triage of incidents.

However, the rise of unauthorised “shadow AI” tools is quickly becoming a top concern. Despite 72% of organisations having formal AI governance policies in place, 46% still report employees using unapproved AI tools – a figure that’s even higher in key markets:

·       India: 62%

·       Singapore: 60%

·       Japan: 47%

The risks of shadow AI are exacerbated by visibility and control gaps:

·       38% of organisations lack visibility into which AI tools are in use

·       35% are unsure what data these tools access

·       31% have already discovered vulnerabilities in deployed AI applications

These findings underline the need for robust AI governance frameworks that not only define policy but also enforce oversight, especially as AI continues to be woven into core business operations.