About nine in every 10 (88%) of people in cybersecurity and IT roles in Singapore are impacted by cyber burnout and fatigue, according to Sophos.
Sophos commissioned Tech Research Asia (TRA) to undertake research into the Asia-Pacific and Japan cybersecurity landscape. A total of 919 responses captured from Australia (204 companies), India (202), Japan (204), Malaysia (104), The Philippines (103) and Singapore (102).
The study revealed that burnout is felt across almost all aspects of cybersecurity operations, with 82% of Singapore respondents saying that feelings of burnout increased in the last 12 months, and 32% said this burnout makes them “less diligent” in their cybersecurity roles.
Also, 23% identified that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach, and 20% of companies experienced slower than average response times to cybersecurity incidents.
The five main causes of cyber burnout and fatigue in the report include a lack of resources available to support cybersecurity activities; the routine aspects of the role, which create a feeling of monotony; an increased level of pressure from board and/or executive management; persistent alert overload from tools and systems; and an increase in threat activity and the adoption of new technologies that foster a more challenging, always on environment.
Findings show that in Singapore, 32% of respondents felt they are not diligent enough in their performance, and 36% felt heightened levels of anxiety if subject to a breach or attack.
Also in Singapore, 40% experienced feelings of cynicism, detachment and apathy towards cybersecurity activities and their responsibilities, and 38% of resignations were a result of stress and burnout.
Aaron Bugal, field CTO at Sophos, said that at a time when organisations are struggling with cybersecurity skills shortages and an increasingly complex cyberattack environment, employee stability and performance are critical for providing a solid defence for the business.
“Burnout and fatigue are undermining these areas and organisations need to step up to provide the right support to employees,” said Bugal.
“Although there’s not a simple fix, an attitude adjustment would go a long way to define the right expectations around what it means to evolve into a cyber-resilient business,” he added.
Bugal said boards and executive committees need to drive change and demand responsibility from their deputised charges, in essence for better governance around cyber approaches.
“However, they need to clearly articulate their accountability in developing and maintaining a plan because cybersecurity is now a perpetually interactive sport – and there needs to a team that provides adequate coverage around the clock,” said Bugal.
There were four key areas where cyber burnout and fatigue had a direct impact on business operations in Singapore.
First, direct contribution to breaches, with 23% of respondents saying that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach.
Second, slower response times to cybersecurity incidents. A fifth of companies experienced slower than average response times to cybersecurity incidents.
Third, lost productivity. Businesses in Singapore are experiencing a productivity loss of 4.2 hours per week amongst cybersecurity and IT professionals. Companies in the Philippines (4.6 hours/week) and Malaysia (4.1 hours/week) had the worst impact, while India and Japan (both 3.6 hours/week) were the least affected.
Fourth, resignations and employees moving on. Stress and burnout were directly attributed as a cause of cybersecurity and IT professional resignations in 41% of companies in Singapore.
Organisations also noted that, on average, 20% of them had “moved on” a cybersecurity or IT employee as result of the individual being impacted by stress or burnout. Singapore (26% of companies) had the highest incidence of this practice followed by Malaysia (23%).