The onslaught of cyber attacks in recent years means organisations have increased hiring, invested more in tools, and built new strategies. However, much like any department, for cyber security to thrive – and especially its employees– it must continue to be nurtured and addressed.

Evolving cyber attack tactics, emerging technologies, and shifting regulations have all placed mounting pressures on IT and cyber security teams. We are truly at a point where there are no days off for cyber security – and that means no days off for cyber professionals. This, of course, isn’t sustainable.

Businesses must consider how they are supporting their cyber employees, or else they risk burning out their teams and losing them. Concerningly, a burnt-out cyber security team isn’t just a people issue; it’s a severe business risk for the entire organisation

Burnout booms for cyber professionals

Cyber burnout is not a growing issue; it’s an established organisational problem. Sophos’ Future of Cybersecurity in APJ 2025 report found that 58 per cent of Australian cyber professionals occasionally feel burnt out (a positive trend down from 69 per cent in 2024). However, more worryingly, one in five (20 per cent) cyber professionals frequently feel burnt out, up from 17 per cent in 2024.

The most common contributors to Australian cyber professionals experiencing burnout are increased threat activity, a lack of budget, and a lack of resources to support cyber security activities. It is worth noting that a lack of budget has caused the same amount of burnout as the threats themselves, an outlier for Australia compared to the Asia-Pacific region.

Burnout for Australian cyber professionals from budget is understandable, as only 15 per cent of cyber security budgets increased by 10 per cent or more last year, well under the APAC average of 24 per cent. In fact, more budgets didn’t increase at all, as one in five (20 per cent) of Australian cyber security budgets stayed the same or decreased (compared to only 14 per cent for APAC). This lack of support stems from common frustrations, as executives assume cyber security is easy and concerns are over-exaggerated, ranked in the top three for Australian cyber professionals.

This pressure has inevitably hurt cyber security and IT teams’ productivity, and Sophos’ Future of Cybersecurity in APJ report found Australian cyber professionals have lost close to five hours of productivity due to stress and burnout. Dangerously, this has a ripple effect on the safety of businesses.

Weak support creates weak security

When the work of cyber teams slows, the entire organisation’s cyber security weakens. Sophos’ Future of Cybersecurity in APJ report uncovered that the top three impacts of cyber professional burnout included a weakened cyber security stance, slower incident response time, and the threat of being breached. Across APAC, 31 per cent of organisations experienced a breach as a result of burnout – an alarming number.

Read the full article here.