Cybersecurity workers in Australia are losing more hours of productivity to stress and burnout than they were just a year ago, with artificial intelligence both helping and hindering the situation according to a survey commissioned by cybersecurity firm Sophos.
Industry professionals have lost 4.8 hours per week to stress and burnout in 2025 — a 26 per cent increase on the 3.8 hours they reported losing in 2024 — according to more than 200 Australian cybersecurity and IT workers surveyed in June.
Almost 80 per cent of surveyed organisations reported experiencing cybersecurity stress or burnout, according to the fifth and latest edition of Sophos’s The Future of Cybersecurity in Asia Pacific and Japan report, released on Thursday.
The company’s field chief information security officer in the region, Aaron Bugal, said increased cyber threats, regulatory demands, and limited budgets and resources were “making cybersecurity unsustainable for many teams”.
“This year’s findings reinforce what we’ve observed in the field: cybersecurity stress and burnout are more than just operational concerns — they’re cultural, strategic, and deeply human challenges,” he said.
Burnout severity increases
While overall reports of cybersecurity burnout decreased in Australia from 86 per cent of companies to 78 per cent in 2025 according to Sophos, the severity of such fatigue had increased slightly.
Twenty per cent of surveyed Australian workers said their organisation experienced burnout not just occasionally but frequently — up from 17 per cent in 2024.
However, 22 per cent of Australian companies said they had not experienced any cybersecurity stress or burnout in 2025, up from only 14 per cent last year, according to the survey.
This may suggest “a widening gap” between “those with more robust, mature cybersecurity practices and lower burnout and those that are still growing their maturity”, Sophos suggested.
One in five Australian workers say their organisation frequently experiences cyber burnout or does not experience it at all, according to Sophos. Image: Shutterstock
More broadly across the Asia Pacific and Japan, 95 per cent of the more than 1,000 respondents said stress and burnout had increased in the past 12 months.
In Australia, almost 70 per cent of surveyed companies said they offered counselling to workers who experienced stress and burnout.
The impacts of such negative experiences could increase the need to recruit more workers while encouraging others to take time off, or lead to weaker cybersecurity and more IT system breaches, the report said.
Sophos’s 2024 survey found burnout contributed to around one in five data breaches.
The company’s latest findings come as unions continue to push for a four-day work week, after several surveys found many Australian workers were fatigued or “languishing”.
AI both a help and hinderance
Sophos's latest survey found AI-powered cybersecurity tools sometimes reduced cyber workers' fatigue "by scaling operational capability and enabling faster incident response", Bugal said.
However, around a third of surveyed businesses reported unauthorised use of AI systems by workers — often called ‘shadow AI’ — which potentially caused more work for security teams.
“The surge of shadow AI … poses new risks that many organisations are not prepared for," Bugal said.
"We’re witnessing a new era where security awareness must extend beyond phishing emails to include how people use and share sensitive data through AI tools.
“Governance and clear boundaries around AI usage are essential.”
Sophos’s findings come after Information Age exclusively reported that analysis by cloud security firm Netskope found many Australian organisations were “taking a cautious stance” by blocking employees from using certain AI models on company systems.
China-based chatbot DeepSeek, text-to-image generator Stable Diffusion, and xAI’s controversial large language model Grok were found to be among the 10 most blocked AI apps in Australia, according to the company.
