By Rizal Raoul Reyes
The Philippines is experiencing widespread cybersecurity stress and burnout, according to a study by global security solutions provider Sophos.
In a roundtable with local IT journalists on Wednesday, Gavin Struthers, senior vice president for Asia Pacific and Japan of Sophos, said 17% of respondents in the Philippines experienced burnout frequently, while 71% experienced it occasionally. As a result, stress is leading to weakened cybersecurity posture, slower incident response, and underperformance of IT and cybersecurity teams.
The fifth edition of Sophos’ report, “The Future of Cybersecurity in Asia Pacific and Japan,” produced in cooperation with Tech Research Asia (now part of Omdia), revealed that 88% of organizations in the Philippines reported burnout-related issues, slightly lower than 95% in 2024. The main drivers were a lack of resources, an overload of cyber alerts, and unclear strategies.
“What is burnout? Burnout is fatigue. Burnout is stress. And the consequence of those are lost productivity. In the Philippines, organizations reported 4.2 hours per employee of lost productivity,” Struthers said. “The good news is that it is slightly down from last year, 4.6 hours of lost productivity. But the top three reasons they in the Philippines called out this burnout is a lack of resources.”
Struthers said burnout has a major impact on the workplace, leading to absences due to illness and, in worse cases, mental health issues.
The situation is made worse when employees do not get the support of their leaders.
“This becomes a cultural issue and affects morale. So I think that’s the bigger concern, which is the leadership issue,” Struthers said.
Still, there is some optimism as 30% of organizations interviewed in the Philippines expect to increase their cybersecurity budgets by 10% or more in the next year, while another 33% expect increases of between 5% and 5.9%.
With rapid developments in cybersecurity, Struthers said the mental health issue has become an urgent concern for organizations.
According to the Sophos study, cybersecurity is not just a technology issue but also a business one. Burnout affects productivity, incident response, and employee retention, and contributes to breaches. In fact, 31% of companies in Asia Pacific and Japan confirmed that burnout was the cause of a breach.
He added that organizations worldwide are experiencing a shortage of chief information security officers (CISOs), which could further affect the cybersecurity landscape.
“It’s fair to say less than 1% of all sorts of organizations, small, medium, \[and] large enterprise organizations, have a CISO,” he said.
Struthers also noted that many technology resellers and system integrators in the ecosystem lack the expertise to manage cybersecurity challenges.
To address this, Sophos has introduced the vCISO solution, allowing companies to use its suite of security tools and products to strengthen their security posture.
“We spend a lot of time enabling training, raising awareness, and helping with tools,” he said. “For example, I spoke about the NIST framework. We have a National Institute of Standards and Technology (NIST) assessment as a tool you can download, or a system independent can use to assess an organization’s security maturity and posture and provide examples of steps they can take to remedy and improve their environment.”
You must be logged in to post a comment.