A new report from cybersecurity Sophos has found that nearly nine in ten organizations in the Philippines are grappling with cybersecurity burnout, with experts warning that the shortage of Chief Information Security Officers (CISOs) is making the problem worse.
The “Future of Cybersecurity in Asia Pacific and Japan 2025” study revealed that unclear strategies, resource shortages, and alert overload are overwhelming IT teams.
In many cases, security responsibilities are left to IT managers without specialized training, or outsourced piecemeal to third-party providers, leading to gaps in leadership and heightened stress.
Gavin Struthers, senior vice president of sales for Asia Pacific and Japan at Sophos, described the situation as critical.
“I would describe cybersecurity burnout as a pressure cooker. The lack of CISOs is one of the greatest causes of burnout, because without strong leadership, organizations end up in a game of whack-a-mole — constantly reacting to threats without a cohesive strategy.”
Struthers added that less than 1% of organizations worldwide have a dedicated CISO, a gap that leaves most companies without a clear risk management framework. This leadership vacuum, he warned, not only contributes to burnout but also raises the risk of successful cyberattacks and data breaches.
With 66% of Philippine organizations planning to increase their cybersecurity spending in the next 12 months, Sophos urged companies to invest not only in technology but also in leadership — whether through hiring CISOs or adopting “virtual CISO” models that provide governance and strategy support.
“Cybersecurity is not just a technical issue — it’s a business issue,” Struthers stressed. “Without leadership, organizations will struggle to protect themselves, and burnout will continue to climb.”
