Sophos’ 2025 Future of Cybersecurity in Asia Pacific and Japan report finds cybersecurity burnout at crisis levels in Malaysia, with 90% of organizations impacted by rising threats, limited resources, and unclear strategies. While AI tools improve incident response, shadow AI usage by employees is introducing new risks.
MALAYSIA, 29 AUGUST 2025 – Cybersecurity burnout remains alarmingly high in Malaysia, with 90% of organizations reporting stress-related issues, according to the 5th edition of The Future of Cybersecurity in Asia Pacific and Japan (APJ) report by Sophos in collaboration with Tech Research Asia (now part of Omdia). The report highlights escalating threats, unclear strategies, and resource constraints as key drivers of fatigue among cybersecurity teams.
Aaron Bugal, field chief information security officer for APJ at Sophos, warned that burnout is not just a technical problem but a strategic and cultural challenge. “The triad of increased threats, unclear strategies, and limited resources is making cybersecurity unsustainable for many teams. AI tools, when deployed thoughtfully, can scale operational capability and provide relief, but the rise of shadow AI poses a new layer of risk,” he said.
The study shows that 91% of Malaysian organizations are using business AI tools like ChatGPT, co-pilots, and agentic AI, with 78% adopting formal AI strategies. Among users of AI for cybersecurity, improved incident triage and faster response were the top benefits. However, 36% admitted to employees using unauthorized AI tools, while 13% were unsure whether shadow AI existed within their organizations — exposing them to data security gaps.
Burnout has measurable business consequences, costing companies an average of 5.6 hours of productivity per employee per week, up from 4.1 hours in 2024. The report also notes positive developments: 93% of organizations plan to increase cybersecurity budgets over the next year, with 27% anticipating a boost of 10% or more.
Sophos emphasizes that governance frameworks around AI are critical to ensure secure usage and to maintain visibility into how sensitive data is accessed and shared, especially as AI becomes embedded in daily operations.
