I am a cybersecurity strategist, and here's why businesses need a new cyber defense playbook
It's time to re-think our cyber defense playbooks

Cybersecurity burnout, advanced AI threats, and rising geopolitical tensions across the globe are heavily impacting businesses and their cybersecurity strategies. These challenges call for a rethink in cybersecurity strategies and place a greater importance on cyber preparedness and incident response.
Chief Cybersecurity Strategist at NTT.
Exhausted cybersecurity workforce leads to gaps in defense
Businesses are underestimating how stressed and burned out cybersecurity professionals truly are, and the effect is eroding their cyber defenses. The world already faces an acute shortage of cybersecurity professionals, and an overstretched workforce only weakens those defenses further.
A 2023 Gartner survey found that 62% of cybersecurity professionals had experienced burnout at least once, and 44% had multiple times. The analyst firm predicted that half of cybersecurity leaders would change their job by 2025 due to stress, and 25% would “pursue different roles entirely.”
This burnout can impact the most critical stages of cybersecurity. Despite millions being spent on manual alert triage - the United States alone spends $3.3 billion per year, according to a 2023 survey by Vectra AI - security operations center analysts reported suffering alert fatigue.
On a daily basis, they are spending nearly three hours triaging thousands of alerts manually, and 67% of those alerts were not resolved. This is where automated threat detection and the use of AI can reduce some of the cybersecurity world’s burden. Unfortunately, threat actors are adopting such techniques at a faster rate than defenders.
AI for good
Today’s attackers are benefiting from emerging technologies, like AI, to enhance their efficiency in malicious ventures. Research by Radware found that generative AI can be used by threat actors to shorten the time to find vulnerabilities by as much as 90%. When creating phishing messages for training exercises, IBM also found that through the use of ChatGPT, they could reduce 16 hours of manual labor to just five minutes.
The speed and ease of generative AI have also lowered the barrier to entry for those who lack an IT background. In one case, police in Japan arrested a man in his 20s who had created ransomware in less than six hours - with no prior IT or cybersecurity knowledge. In another case, a 17-year-old Japanese high schooler successfully created a ChatGPT tool that collects credit card information and used it to go shopping.
Cybersecurity defenders have no choice but to take advantage of AI to keep pace. Automating some of our tasks and workloads will reduce our burden. At NTT, we have been using machine learning capabilities over the last decade or so to analyze behavioral patterns and use predictive analytics to detect threats, and we have recently started to use generative AI too. For example, NTT Security proved that GPT-4 can identify whether a website is legitimate or phishing with over 98% accuracy, and even GPT-3.5 can do so with 86.7% accuracy.
Geopolitical tensions across the Taiwan Strait
Geopolitical tensions are fueling a rise in state-sponsored cyber operations. In fact, a precursor to a potential Taiwan crisis has already taken place in cyberspace.
The Chinese state-sponsored actor group Volt Typhoon is believed to be pre-positioning itself on the networks of critical infrastructure companies in the communication, energy, transportation, and water sectors so that it can launch disruptive cyberattacks should conflict with the United States occur. However, Volt Typhoon’s targets are not necessarily limited to U.S.-based critical infrastructure companies.
Lumen’s Black Lotus Labs reported in August 2024, with moderate confidence, that a threat actor with the traits of Volt Typhoon had breached four U.S. victims and one non-U.S. organization within the internet service provider, managed service provider and IT sectors last year. A Bloomberg article in November 2024 also suggested that Singtel had been breached as part of a “test run” for attacks against U.S. telecommunication companies.
While there has been no report that Volt Typhoon has breached any critical infrastructure companies in Japan or Taiwan, Cisco Talos published a blog post in March 2025 reporting that a Chinese hacker group, UAT-5918, had been attacking Taiwanese telecommunications, healthcare, information technology, and other critical infrastructure sectors, and that its tactics and targets are similar to Volt Typhoon’s.
Given the geographical proximity of Japan to Taiwan and the alliance between Japan and the United States, both countries will have a role to play in a crisis involving Taiwan. Okinawa hosts bases of the Japanese Self-Defense Forces and the U.S. military. Retired General Paul Nakasone, former Commander, U.S. Cyber Command, and former Director, National Security Agency, warned during an interview with Ryu-Q Asahi Broadcasting, an Okinawan TV station, in March 2025 that Volt Typhoon might have penetrated “places in Okinawa,” and “They would be able to do such things as perhaps turning off power in Naha or being able to impact the economy of Okinawa.”
In fact, the U.S. military consumes nine percent of the electric power in Okinawa. Thus, critical infrastructure companies in the United States and Japan need to enhance their cyber defenses and proactively hunt threats to minimize potential damage. This is crucial for the two allies to stay operational and resilient, economically and militarily, in a crisis.
Japanese Active Cyber Defense
Businesses and regulators need to work together to share cyber threat intelligence and the painful lessons they have learned to close defensive gaps, especially when their countries face more cyber challenges amid heightened geopolitical tensions.
Since regulators accumulate incident reports from businesses, it would be beneficial for businesses to receive actionable threat intelligence and threat mitigation methods from the government in a classified or sanitized way. It would also help the industry to proactively conduct threat hunting before they are hit by a cyberattack.
That is why the Japanese Diet (parliament) passed the Active Cyber Defense legislation in May 2025. This law aims to minimize potential damage caused by cyberattacks against the Japanese government or critical infrastructure that can threaten Japan’s national defense, even when that cyberattack does not constitute part of an armed attack.
The legislation has three pillars: public-private partnerships, government usage of telecommunication data, and neutralization of such cyberattacks by the police and Self-Defense Forces, even before they are launched. The legislation was passed the same day that another act was enacted to expand the coverage of security clearance to industry personnel.
A combination of the two acts would allow the government to disseminate even classified cyber threat intelligence to the industry to warn and advise them about threats and actions to take.
Of course, it will take some time for Japan to operationalize active cyber defense and expanded security clearance. Still, it is highly beneficial for Japan as well as its allies and partners, because threat actors tend to exploit the weakest link in cyber defenses.
Since the damage of cyberattacks goes beyond national borders, a breach in Japan can lead to the leakage of sensitive information on the United Kingdom, and suspended Japanese business operations can disrupt supply chains in Australia and the United States.
Furthermore, these two types of capabilities will require Japan to improve its intelligence capacity. Without visibility, it is impossible to manage or minimize cyber threats. The expanded security clearance in Japan would also enable like-minded countries to share more cyber threat intelligence, leading to more robust defenses.
C-Suite preparedness: a trifecta solution
As adversaries are flexibly taking advantage of artificial intelligence, generative AI, and deepfakes to launch cyberattacks at scale and at lower costs, defenders must use emerging technologies. However, it is still people who need to make the final decision on what to invest in and what to prioritize.
According to the 2025 EY Global Cybersecurity Leadership Insights Study, only 13% of CISOs answered that “they were consulted early when urgent strategic decisions were being made,” although “the cybersecurity function typically accounts for 11% to 20% of the value produced by enterprise-wide initiatives it is involved in.”
Thus, it is crucial for the C-suite to start inviting the CISO to board and executive meetings to incorporate cybersecurity perspectives in strategic decision-making. Moreover, the leadership needs to champion the cybersecurity team with sufficient resources to allow them to engage with and respond to threats flexibly and quickly.
Finally, gratitude and recognition from the leadership are also important. It is rewarding, and that feeling further motivates defenders to fight adversaries and protect the corporate brand, employees, and customers.
Empower cybersecurity professionals through training
There are two ways to train the next generation of defenders: train existing employees who are not necessarily technologically savvy but who are interested in cybersecurity, and educate young people who are currently in school.
For example, NTT Group launched an internal bug bounty program in 2023, and non-cybersecurity professionals have been contributing to improving internal cybersecurity by reporting bugs through it. This showcases that recognition and incentives can motivate people to be part of a cybersecurity team and enable better security.
Furthermore, leadership needs to give cybersecurity professionals flexibility and educational opportunities to grow. If those professionals live in rural areas, there are fewer chances for them to network with local professionals. It is important to fund them and let them participate in cybersecurity events to learn from each other. Equally, it is crucial for cybersecurity professionals to engage with young students, from elementary schools to graduate schools, to share their first-hand expertise and inspire them.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro