Sophos has released the fifth edition of its annual study, The Future of Cybersecurity in Asia Pacific and Japan (APJ), conducted with Tech Research Asia (now part of Omdia). The 2025 report reveals a sharp rise in cybersecurity burnout across India, with 95% of organisations reporting burnout issues, up from 83% in 2024.
The top drivers behind this surge are increased threat activity, mounting pressure from boards and executive leadership, and alert overload.
“The triad of increased threats, executive demands, and alert fatigue is making cybersecurity unsustainable for many teams,” said Aaron Bugal, Field Chief Information Security Officer, APJ, Sophos. “Burnout is not just an operational problem – it’s cultural, strategic, and deeply human. Thoughtfully deployed AI tools can help alleviate stress, but shadow AI use introduces a new layer of risk that most organisations are not yet prepared for.”
Burnout as a Business Issue
The report positions burnout as more than a technology challenge—it’s a business risk affecting productivity, incident response, retention, and overall resilience. The severity of burnout has also intensified: 47% of organisations say burnout is frequently experienced, compared with 37% in 2024.
On a positive note, 87% of Indian organisations now provide counselling for cybersecurity stress and burnout, up from 74% last year.
AI: Double-Edged Sword
AI is reshaping cybersecurity in two critical ways:
- As a relief mechanism: 97% of Indian organisations surveyed are already using tools such as ChatGPT, copilots, and agentic AI, with 92% having a formal AI strategy. Those using AI in cybersecurity cite more accurate triaging and faster incident response as key benefits.
- As a risk factor: 62% admit to shadow AI use—employees using unapproved tools—while another 31% are unsure whether it exists in their organisation. This lack of visibility over who is using what data through which AI system is exposing companies to new risks.
The findings underscore the urgency for robust AI governance frameworks that balance innovation with oversight.
Additional Insights from India
- Performance under pressure: Burnout leads to underperforming IT and security teams, slower response to incidents, and disengagement from cybersecurity duties.
- Budgets trending upward: 71% of Indian organisations plan to raise cybersecurity budgets in the coming year, with 30% increasing by 10% or more.
- Compliance fatigue: Respondents report difficulty keeping pace with evolving threats, while reactive regulations and weak security culture add to the strain.
