Australian organisations are continuing to grapple with high levels of cybersecurity burnout in 2025, according to the latest research from Sophos and Tech Research Asia.
The fifth annual edition of “The Future of Cybersecurity in Asia Pacific and Japan” indicates that 78% of Australian organisations surveyed are experiencing ongoing issues with burnout.
The primary factors contributing to this include a rise in cyber threats, insufficient resources, and increasingly complex regulatory obligations.
Aaron Bugal, field chief information security officer for Asia-Pacific and Japan at Sophos, said the combination of escalating cyber threats, increasing regulatory requirements, and limited resources is putting significant strain on cybersecurity teams.
“This year’s findings reinforce what we’ve observed in the field: Cybersecurity stress and burnout are more than just operational concerns – they’re cultural, strategic, and deeply human challenges,” he said, as reported by iTWire.
Bugal explained that, while AI solutions can help ease some of these pressures by improving operational efficiency and speeding up incident response, the rise of unauthorised or unmanaged AI usage by employees – often referred to as shadow AI – introduces additional risks that many organisations are not yet equipped to address.
The insurance sector in Australia is seeing a rapid increase in the use of AI, especially in claims management.
According to Gallagher Bassett’s “Carrier Perspective: 2025 Claims Insights” whitepaper, 88% of insurers in Australia now use generative AI in at least one part of their claims process, a significant increase from the previous year.
The report also noted that 64% of insurers identify improved decision-making through data analytics as a key benefit of AI, and 62% are using AI to detect fraudulent claims, compared to 58% globally.
Insurers are also beginning to explore agentic AI, with 20% piloting use cases and 12% reporting partial or scaled implementation. Despite this, only a small proportion (4%) express full trust in AI agents, according to a Capgemini Research Institute report.
While AI is helping to address some operational pressures, the use of unauthorised AI tools by staff – referred to as shadow AI – is complicating risk management.
The Sophos report found that nearly one-third of Australian organisations acknowledge the use of shadow AI, and a further 13% are unsure if such tools are being used within their teams. This lack of oversight is creating new risks around data security and compliance.
“We’re witnessing a new era where security awareness must extend beyond phishing emails to include how people use and share sensitive data through AI tools. Governance and clear boundaries around AI usage are essential,” Bugal said.
In response to the growing threat landscape, 80% of Australian organisations surveyed plan to increase their cybersecurity budgets over the next year. Of these, 15% expect to raise spending by at least 10%.
However, many respondents believe that current regulations are reactive and add to the difficulty of managing cybersecurity.
Regulatory requirements, executive perceptions, and the pace of threat evolution are cited as key frustrations for security teams.
The Sophos study suggests that addressing burnout and cyber risk requires a combination of organisational support and technology investment.
Bugal pointed out that providing access to counselling and mental health resources is increasingly important, yet the report shows that 31% of organisations have not yet implemented such support.
“These help business leaders build a safe space for their cyber professionals to have an honest and empathetic conversation about what is currently causing unsustainable pressure in their day-to-day jobs. It also places the onus on the entire company to deal with cybersecurity collectively,” he said.
He further emphasised that for those overseeing business and cybersecurity functions, it is essential to ensure that teams, processes, and technology are aligned and functioning effectively.
“Keeping this in balance may be easier said than done, but simply asking questions of your team and proactively engaging in a protection first strategy for team wellbeing will go a long way in positively reinforcing overall cyber resilience,” he said.
The findings are based on a survey of 926 cybersecurity and IT professionals across the Asia-Pacific region and highlight the increasing need for robust governance as AI becomes more embedded in insurance operations.
