Nearly nine in 10 organizations in the Philippines are struggling with cybersecurity burnout, with employees losing hours of productivity each week due to stress and fatigue, global security firm Sophos said.
The findings are from the Future of Cybersecurity in Asia Pacific and Japan (APJ) report, commissioned by Sophos and conducted by Tech Research Asia, now part of Omdia. The 2025 edition surveyed 926 cybersecurity and IT professionals across Australia, India, Japan, Malaysia, the Philippines, and Singapore.
Citing the report, Sophos Asia-Pacific and Japan executive Gavin Struthers said 89 percent of Philippine organizations experienced burnout, among the highest levels globally.
“I would describe cybersecurity burnout as a pressure cooker. We continue to live in a pressure cooker. And cyber burnout for organizations remains really high,” Struthers said in a media roundtable at the Sophos headquarters in Makati city.
Moreover, Struthers said Philippine organizations reported an average of 4.2 hours per employee of lost productivity per week because of burnout, slightly down from 4.6 hours last year.
“The consequence of those are lack of lost productivity. In the Philippines, organizations reported 4.2 hours per employee of lost productivity,” he said.
Seventeen percent of organizations reported frequent burnout, while 71 percent said they experienced it occasionally.
Main drivers
According to Struthers, the top three reasons for burnout in the Philippines are lack of resources, alert overload, and unclear strategies.
“When you’ve got this evolving threat and risk, it’s just not enough hands and not enough experienced hands to deal with the problem,” he said.
He added that burnout is not only a technical concern but also a leadership issue.
“This is definitely a business issue. Of course, there are operational issues, there are technical issues. But frankly, there needs to be stronger leadership in organizations to not only provide lip service to dealing with the issues of cybersecurity, but actually taking responsibility,” he said.
The Sophos official said ransomware attacks deepen the problem, with stress often extending to senior management.
“Whenever there’s a ransomware attack, one in four of organizations report their leaders leave. They might get asked to leave or they self-select, they leave. Because of the burnout or they’re not prepared to live with it or they feel they’re not supported,” Struthers said.
He warned that burnout could undermine culture and morale in workplaces.
“Burnout affects people and they don’t show up for work, they report in sick. Some of that leads very sadly to mental health issues and especially when they don’t get the support of their leaders, this becomes a cultural issue and affects morale,” he said.
AI as opportunity and risk
Struthers noted that artificial intelligence (AI) is playing a dual role in cybersecurity.
“It really helps accelerate finding the problem and addressing the problem. But of course, it’s in the hands of the defenders, but it’s also in the hands of attackers,” he said.
In the Philippines, 89 percent of organizations reported that they use AI, according to the report. One-third of organizations also admitted that “shadow AI,” or the use of unauthorized tools by employees, exists in their systems.
“That’s a real concern. So now data issues, intellectual property issues, and so that’s why it’s a real concern, something we’re going to have to watch very closely,” Struthers said.
Despite these challenges, Struthers noted that the Philippines has become Sophos’ largest contributor in Southeast Asia, with growth in the local market outpacing the regional average of 12 to 15 percent annually.
“It’s a very vibrant market for cyber security and so we spend a lot of time with customers, working with government, you know, engaging [with] DICT and helping with the cybersecurity challenge,” he said.
Sophos, headquartered in the United Kingdom, provides security solutions to more than 600,000 organizations worldwide. The company, which generates more than $1 billion in annual revenue, recently expanded its services through the $860-million acquisition of SecureWorks.
