MANY Philippine organizations are experiencing staff burnout from dealing with cybersecurity threats, British cybersecurity firm Sophos said.
It added that a shortage of chief information security officers (CISOs) is causing “chaos,” leading to incoherent responses to cybersecurity incidents.
“When you don’t have leaders understanding the risk and the steps towards improved cybersecurity maturity, it’s chaos… So, there’s a lack of cohesion without a CISO to translate risk to the business,” according to Gavin Struthers, senior vice-president at Sophos, said at a briefing on Wednesday.
“Because of the high stakes and the rapidly changing environments around cybersecurity, it’s a very acute problem in technology, and organizations are struggling to keep up,” he said.
Sophos estimates that cybersecurity workers in the Philippines lose an average of 4.2 hours weekly to dealing with threats, against 4.6 a year earlier.
About 88% of Philippine businesses experience staff burnout due to lack of resources, work overload in response to cyber alerts, and unclear cyber strategies, according to Sophos’ “The Future of Cybersecurity Report in Asia Pacific and Japan.”
According to Mr. Struthers, cybersecurity-related stress and burnout often leads to a weaker cybersecurity stance, slow incident response, and underperforming IT (information technology) and cybersecurity teams.
“One of the greatest causes of (cybersecurity-related) burnout is one or two or a few individuals in an organization scrambling every day to deal with these issues.”
Less than 1% of organizations globally have a CISO, he added.
“There needs to be stronger leadership in organizations to not only provide lip service in dealing with the issues of cybersecurity, but actually taking responsibility and being more involved in how to put together the right strategy for an organization,” Mr. Struthers said.
The report also found that 89% of organizations in the Philippines use artificial intelligence (AI) solutions in their operations.
However, some employees use “shadow AI” tools, or AI solutions unauthorized by their organization, which could lead to data exposure and cybersecurity risks.
“It means you could be sharing your quarterly financial results with a LLM (large language model) or a GenAI platform… And suddenly, you’ve shared private information, or maybe, intellectual property to an LLM that other people have access to,” Mr. Struthers said.
According to the report, 30% of Philippine organizations expect an increase in their cybersecurity budgets of 10% or more next year, while 33% see a funding increase of at least 5%.
“We’re witnessing a new era where security awareness must extend beyond phishing e-mails to include how people use and share sensitive data through AI tools. Governance and clear boundaries around AI usage is essential,” Mr. Struthers added.
Sophos commissioned research and advisory firm Tech Research Asia to compile the report, which surveyed 926 cybersecurity and IT professionals in the Philippines, Malaysia, India, Japan, and Australia this year. — Beatriz Marie D. Cruz