New Sophos Report Finds AI Adoption and Increased Threat Activity Amongst Drivers Keeping Cybersecurity Burnout High In Australia in 2025

Shadow AI, resource and budget shortages and meeting compliance and regulatory requirements put pressure on security teams

Artificial Intelligence | Reports & Predictions | Security Operations | Work & Careers

Posted: Thursday, Aug 28

KBI.Media
$
New Sophos Report Finds AI Adoption and Increased Threat Activity Amongst Drivers Keeping Cybersecurity Burnout High In Australia in 2025

New Sophos Report Finds AI Adoption and Increased Threat Activity Amongst Drivers Keeping Cybersecurity Burnout High In Australia in 2025

SYDNEY, Aust: August 28, 2025 – Sophos, a global leader in advanced security solutions, today unveiled the 5th edition of its report The Future of Cybersecurity in Asia Pacific and Japan (APJ), produced in collaboration with Tech Research Asia (now part of Omdia). The findings reveal that cybersecurity burnout remains high in Australia, with 78% of organisations surveyed experiencing issues – primarily driven by increased threat activity, lack of resources, and complex compliance requirements.

The 2025 report also highlights how AI is having a two-pronged effect on cybersecurity with AI-powered security tools helping to alleviate some of the issues associated with fatigue, while shadow AI use by employees is complicating cybersecurity efforts.

“The triad of increased threats, regulatory demands, and limited resources is making cybersecurity unsustainable for many teams,” said Aaron Bugal, field chief information security officer, APJ, Sophos. “This year’s findings reinforce what we’ve observed in the field: cybersecurity stress and burnout are more than just operational concerns – they’re cultural, strategic, and deeply human challenges. AI tools, when deployed thoughtfully, can provide relief by scaling operational capability and enabling faster incident response. But the surge of shadow AI – unauthorised, unregulated AI tools being used by employees – poses new risks that many organisations are not prepared for.

“We’re witnessing a new era where security awareness must extend beyond phishing emails to include how people use and share sensitive data through AI tools. Governance and clear boundaries around AI usage are essential.”

Cybersecurity Burnout Is a Business Issue

The report reveals that cybersecurity stress is not just a tech issue – it is a business one. Burnout affects productivity, incident response, employee retention, and contributes to breaches.

AI: Friend or Foe?

AI’s promise is undeniable: 70% of Australian organisations surveyed are already using business AI tools such as ChatGPT, co-pilots, and agentic AI, and 53% have a formal AI strategy in place. Among those using AI in cybersecurity, the biggest benefit reported is more accurate triaging and escalation of incidents, helping reduce stress and improve response speed.

However, 32% admit to shadow AI usage – employees using unauthorised tools – while another 13% are unsure whether shadow AI is in their organisation. The lack of visibility into what tools are being used, what data they access, and which employees are using them is creating new risks.

These findings underline the need for robust AI governance frameworks that not only define policy but also enforce oversight, especially as AI continues to be woven into core business operations.

Other Key Insights From The Report

Burnout intensifies in impact: In Australia, overall burnout levels have eased year-on-year, with 78% of organisations reporting issues in 2025 compared with 86% in 2024. However, the severity of burnout has increased, with 20% of organisations surveyed saying burnout is frequently experienced (up from 17% in 2024). Stress and fatigue are costing Australian organisations an average of 4.8 hours per employee per week in lost productivity, up from 3.8 in 2024.
Budgets are on the rise: 80% of Australian organisations surveyed plan to increase their cybersecurity budgets in the next year, with 15% increasing by 10% or more and 34% increasing by 5–9.99%.
Regulation a double-edged sword: Australian respondents feel that regulations and legislation are reactive and make managing cybersecurity more difficult as a result. This, combined with executives often assuming cybersecurity is easy and over-exaggerated, and trying to keep pace with cybersecurity threats make up the three top frustrations for security teams.

About the Report

Commissioned by Sophos and conducted by Tech Research Asia, the 2025 study surveyed 926 cybersecurity and IT professionals across Australia, India, Japan, Malaysia, the Philippines, and Singapore. Now in its fifth edition, the report continues to explore the business dimensions of cybersecurity rather than purely technical assessments.

To access the full report, visit here.

About Sophos

Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response. Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats. Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

About Tech Research Asia

Tech Research Asia (TRA) (now part of Omdia) is a technology research, consulting and advisory firm working across Asia Pacific specialising in analysing trends in technology and the impact on business value. We help organisations across the region, technology vendors and channel partners build deeper market understanding and improve their business results. We are rigorous, fact-based, open, and transparent. And we offer research, consulting, engagement and advisory services We also conduct our own independent research on the issues, trends, and strategies that are important to executives and other leaders that want to leverage the power of modern technology.