KUALA LUMPUR (Feb 6): A majority of cyber security and IT professionals in Malaysia are impacted by burnout and fatigue, according to the British-based security software and hardware company.

In a statement on Tuesday, Sophos said the study revealed that burnout was recorded across almost all sectors of cyber security operations, with 90% of respondents saying that feelings of burnout had increased in the last 12 months.

Out of these, 55% said that this burnout makes them “less diligent” in their cyber security roles; 21% of respondents identified that cyber security burnout or fatigue contributed to, or was directly responsible for, a cyber security breach and 22% of companies experienced slower than average response times to cyber security incidents.

Sophos said the five main causes of cyber burnout and fatigue in Malaysia include:

1. A lack of resources available to support cyber security activities.
2. An increased level of pressure from board and/or executive management.
3. Persistent alert overload from tools and systems.
4. The routine aspects of the role, which create a feeling of monotony.
5. Increase in threat activity and the adoption of new technologies that foster a more challenging, always on environment.

Sophos field chief technology officer Aaron Bugal said at a time when organisations are struggling with cyber security skills shortages and an increasingly complex cyberattack environment, employee stability and performance are critical for providing a solid defence for the business.

“Burnout and fatigue are undermining these areas and organisations need to step up to provide the right support to employees especially when, according to our research, 21% of Malaysian respondents identified that cyber security burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach.

“Although there’s no simple fix, an attitude adjustment would go a long way to define the right expectations around what it means to evolve into a cyber-resilient business.

“Boards and executive committees need to drive change and demand responsibility from their deputised charges, in essence for better governance around cyber approaches,” said Bugal.