Cybersecurity Fatigue Reaches Epidemic Levels in Australia by 2025
In a revealing study, the 5th edition of the Sophos report titled "The Future of Cybersecurity in Asia Pacific and Japan (APJ)" has shed light on the complex relationship between Artificial Intelligence (AI) and cybersecurity in Australia. The report, produced in collaboration with Tech Research Asia (now part of Omdia), surveyed 926 cybersecurity and IT professionals across Australia, India, Japan, Malaysia, the Philippines, and Singapore.
The report highlights a two-pronged effect of AI on cybersecurity: AI-powered security tools are helping to alleviate some issues associated with burnout, while shadow AI use by employees is complicating cybersecurity efforts.
Stress and fatigue are costing Australian organizations an average of 4.8 hours per employee per week in lost productivity, up from 3.8 in 2024. This burnout, primarily due to increased threat activity, lack of resources, and complex compliance requirements, has affected 78% of organizations surveyed in Australia. Fortunately, burnout levels have eased slightly year-on-year, with 78% of organizations reporting issues in 2025 compared to 86% in 2024. However, the severity of burnout has increased, with 20% of organizations frequently experiencing burnout (up from 17% in 2024).
AI tools, when deployed thoughtfully, can provide relief by scaling operational capability and enabling faster incident response, according to Aaron Bugal, field chief information security officer, APJ, Sophos. Among those using AI in cybersecurity, the biggest benefit reported is more accurate triaging and escalation of incidents, helping reduce stress and improve response speed.
However, the surge of shadow AI - unauthorized, unregulated AI tools being used by employees - poses new risks that many organizations are not prepared for. 32% of Australian organizations admit to shadow AI usage by employees, and another 13% are unsure if it exists within their organization. The lack of visibility into shadow AI usage, data access, and employees involved is creating new risks.
Governance and clear boundaries around AI usage are essential, as stated in the report. The report suggests that security awareness must extend beyond phishing emails to include how people use and share sensitive data through AI tools. Australian respondents feel that regulations and legislation are reactive and make managing cybersecurity more difficult.
Executives often assume cybersecurity to be easy and over-exaggerated, and keeping pace with cybersecurity threats are the top frustrations for security teams in Australia. The report indicates that cybersecurity stress and burnout are not just operational concerns but are cultural, strategic, and deeply human challenges.
To access the full report, visit the provided link. The report continues to explore the business dimensions of cybersecurity rather than purely technical assessments. Moreover, 80% of Australian organizations plan to increase their cybersecurity budgets in the next year, with 15% increasing by 10% or more and 34% increasing by 5-9.99%.
In conclusion, the Sophos report provides a comprehensive overview of the current state of cybersecurity in Australia, highlighting both the benefits and challenges of AI integration. It underscores the need for clear AI governance, increased cybersecurity budgets, and a shift in mindset towards understanding the human aspects of cybersecurity.
