New Sophos Report Finds AI Adoption, Increased Threat Activity Keeping Cybersecurity Burnout High in Malaysia in 2025

Sophos, a global leader in advanced security solutions, has unveiled the fifth edition of its report The Future of Cybersecurity in Asia Pacific and Japan (APJ), produced in collaboration with Tech Research Asia (now part of Omdia). The findings reveal that cybersecurity burnout remains high in Malaysia, with 90% of organisations surveyed experiencing issues—primarily driven by increased threat activity, lack of resources, and unclear cybersecurity strategies.

The 2025 Sophos report also highlights how Artificial Intelligence (AI) is having a two-pronged effect on cybersecurity, with AI-powered security tools helping to alleviate some of the issues associated with fatigue, while shadow AI use by employees is complicating cybersecurity efforts.

“The triad of increased threats, unclear strategies, and limited resources is making cybersecurity unsustainable for many teams,” said Aaron Bugal, Field Chief Information Security Officer, APJ, at Sophos. “This year’s findings reinforce what we’ve observed in the field: cybersecurity stress and burnout are more than just operational concerns—they’re cultural, strategic, and deeply human challenges. AI tools, when deployed thoughtfully, can provide relief by scaling operational capability and enabling faster incident response. But the surge of shadow AI—unauthorised, unregulated AI tools being used by employees—poses new risks that many organisations are not prepared for.

“We’re witnessing a new era where security awareness must extend beyond phishing emails to include how people use and share sensitive data through AI tools. Governance, and clear boundaries around AI usage, are essential.”

Sophos: Cybersecurity Burnout Is a Business Issue

The report reveals that cybersecurity stress is not just a tech issue—it is a business one. Burnout affects productivity, incident response, and employee retention, and contributes to breaches. The top three most common cybersecurity frustrations amongst Malaysian respondents were:

• Keeping up with the pace of cybersecurity threats

• Executives assuming cybersecurity is easy, and concerns are over-exaggerated

• Inability to create a strong cybersecurity culture across the organisation

AI: Friend or Foe?

AI’s promise is undeniable: 91% of Malaysian organisations surveyed are already using business AI tools such as ChatGPT, co-pilots, and agentic AI, and 78% have a formal AI strategy in place. Among those using AI in cybersecurity, the biggest benefit reported is more accurate triaging and escalation of incidents, helping reduce stress and improve response speed.

However, 36% admit to shadow AI usage—employees using unauthorised tools—while another 13% are unsure whether shadow AI is in their organisation. The lack of visibility into what tools are being used, what data they access, and which employees are using them is creating new risks.

These findings by Sophos underline the need for robust AI governance frameworks that not only define policy, but also enforce oversight, especially as AI continues to be woven into core business operations.

Other Key Insights from the Sophos Report

• Burnout intensifies its impact: Organisations lost an average of 5.6 hours per employee per week due to stress and fatigue—up from 4.1 hours per week in 2024.

• Budgets remain robust: 93% of organisations plan to increase their cybersecurity budgets in the next year, with 27% planning an increase of 10% or more.