Cybersecurity burnout, advanced AI threats, and rising geopolitical tensions across the globe are heavily impacting businesses and their cybersecurity strategies. These challenges call for a rethink in cybersecurity strategies and place a greater importance on cyber preparedness and incident response.
Exhausted cybersecurity workforce leads to gaps in defense
Businesses are underestimating how stressed and burned out cybersecurity professionals truly are, and the effect is deteriorating their cyber defenses. The world already faces an acute shortage of cybersecurity professionals, and an overstretched workforce is only exacerbating the weakening of our defenses.
Gartner’s survey in 2023 found that 62% of cybersecurity professionals had experienced burnout at least once, and 44% had experienced it multiple times. The analyst firm predicted that half of cybersecurity leaders would change their job by 2025 due to stress, and 25% would “pursue different roles entirely.”
This burnout can impact the most critical stages of cybersecurity. Despite millions being spent on manual alert triage - the United States alone spends $3.3 billion per year, according to a 2023 survey by Vectra AI - security operations center analysts reported suffering alert fatigue.
On a daily basis, they are spending nearly three hours triaging thousands of alerts manually, and 67% of those alerts were not resolved. This is where automated threat detection and the use of AI can reduce some of the cybersecurity world’s burden. Unfortunately, threat actors are adopting such techniques at a faster rate than defenders.
AI for good
Today’s attackers are benefiting from emerging technologies, like AI, to enhance their efficiency in malicious ventures. Research by Radware found that generative AI can be used by threat actors to shorten the time to find vulnerabilities by as much as 90%. When creating phishing messages for training exercises, IBM also found that through the use of ChatGPT, they could reduce 16 hours of manual labor to just five minutes.
The speed and ease of generative AI have also lowered the barrier to entry for those who lack an IT background. In one case, police in Japan had arrested a man in his 20s, who had created ransomware in less than six hours - with no prior IT or cybersecurity knowledge. In another case, a 17-year-old Japanese high schooler had successfully created a ChatGPT tool that collects credit card information and used it to go shopping.
Cybersecurity defenders have no choice but to take advantage of AI to keep pace. Automating some of our tasks and workloads will reduce our burden. At NTT, we have been using machine learning capabilities over the last decade or so to analyze behavioral patterns and use predictive analytics to detect threats, and we have recently started to use generative AI too. For example, NTT Security proved that GPT-4 can identify whether a website is legitimate or phishing with over 98% accuracy, and even GPT-3.5 can do so at 86.7%.
Geopolitical tensions across the Taiwan Strait
Geopolitical tensions are fueling a rise in state-sponsored cyber operations. In fact, a precursor to a potential Taiwan crisis has already taken place in cyberspace.
The Chinese state-sponsored actor group, Volt Typhoon, is believed to be pre-positioning itself on the networks of critical infrastructure companies in the communication, energy, transportation, and water sectors to launch disruptive cyberattacks as a consequence of conflict with the United States. However, Volt Typhoon’s targets are not necessarily limited to U.S.-based critical infrastructure companies.
Lumen’s Black Lotus Labs reported in August 2024, with moderate confidence, that a threat actor with the traits of Volt Typhoon had breached four U.S. victims and one non-U.S. organization within the internet service provider, managed service provider and IT sectors last year. A Bloomberg article in November 2024 also suggested that Singtel had been breached as part of a “test run” for attacks against U.S. telecommunication companies.
While there has been no report that Volt Typhoon has breached any critical infrastructure companies in Japan or Taiwan, Cisco Talos published a blog post in March 2025 reporting that a Chinese hacker group, UAT-5918, had been attacking Taiwanese telecommunications, healthcare, information technology, and other critical infrastructure sectors, and that its tactics and targets are similar to Volt Typhoon’s.
Given the geographical proximity of Japan to Taiwan and the alliance between Japan and the United States, both countries will have a role to play in a crisis involving Taiwan. Okinawa has bases of the Japanese Self-Defense Forces and U.S. military. Retired General Paul Nakasone, former Commander, U.S. Cyber Command, and former Director, National Security Agency, warned during an interview with Ryu-Q Asahi Broadcasting, an Okinawan TV station, in March 2025 that Volt Typhoon might have penetrated “places in Okinawa,” and “They would be able to do such things as perhaps turning off power in Naha or being able to impact the economy of Okinawa.”
In fact, the U.S. military consumes nine percent of the electric power in Okinawa. Thus, critical infrastructure companies in the United States and Japan need to enhance their cyber defenses and proactively hunt threats to minimize potential damages. This is crucial for the two allies to stay operational and resilient economically and militarily in crisis.
Japanese Active Cyber Defense
Businesses and regulators need to work together to share cyber threat intelligence and the painful lessons they have learned to close defensive gaps, especially when their countries face more cyber challenges amid heightened geopolitical tensions.
Since regulators accumulate incident reports from businesses, it would be beneficial for businesses to receive actionable threat intelligence and threat mitigation methods from the government in a classified or sanitized way. It would also help the industry to proactively conduct threat hunting before they are hit by a cyberattack.
That is why the Japanese Diet (parliament) passed the Active Cyber Defense legislation in May 2025. This law aims to minimize potential damage caused by cyberattacks against the Japanese government or critical infrastructure that can threaten Japan’s national defense, even when that cyberattack does not constitute part of an armed attack.
The legislation has three pillars: public-private partnerships, government usage of telecommunication data, and neutralization of such cyberattacks by the police and Self-Defense Forces, even before they are launched. The legislation was passed the same day that another act was enacted to expand the coverage of security clearance to industry personnel.
A combination of the two acts would allow the government to disseminate even classified cyber threat intelligence to the industry to warn and advise them about threats and actions to take.
Of course, it will take some time for Japan to operationalize active cyber defense and expanded security clearance. Still, it is highly beneficial for Japan as well as its allies and partners, because threat actors tend to exploit the weakest link in cyber defenses.
Since the damage of cyberattacks goes beyond national borders, a breach in Japan can lead to the leakage of sensitive information on the United Kingdom, and suspended Japanese business operations can disrupt supply chains in Australia and the United States.
Furthermore, these two types of capabilities will require Japan to improve its intelligence capacity. Without visibility, it is impossible to manage or minimize cyber threats. The expanded security clearance in Japan would also enable like-minded countries to share more cyber threat intelligence, leading to more robust defenses.
C-Suite preparedness: a trifecta solution
As adversaries are flexibly taking advantage of artificial intelligence, generative AI, and deepfakes to launch cyberattacks at scale and at lower costs, defenders must use emerging technologies. However, it is still people that need to make the final decision on what to invest in and what to prioritize.
According to the 2025 EY Global Cybersecurity Leadership Insights Study, only 13% of CISOs answered that “they were consulted early when urgent strategic decisions were being made,” although “the cybersecurity function typically accounts for 11% to 20% of the value produced by enterprise-wide initiatives it is involved in.”
Thus, it is crucial for the C-suite to start inviting the CISO to board and executive meetings to incorporate cybersecurity perspectives in strategic decision-making. Moreover, the leadership needs to champion the cybersecurity team with sufficient resources to allow them to engage with and respond to threats flexibly and quickly.
Finally, gratitude and recognition from the leadership are also important. It is rewarding, and that feeling further motivates defenders to fight adversaries and protect the corporate brand, employees, and customers.
Empower cybersecurity professionals through training
There are two ways to train the next generation of defenders: train the existing workforce, who are not necessarily technologically savvy but who are interested in cybersecurity, and educate young people who are currently in school.
For example, NTT Group launched an internal bug bounty program in 2023, and non-cybersecurity professionals have been contributing to improving internal cybersecurity by reporting bugs through it. This showcases that recognition and incentive can motivate people to be part of a cybersecurity team and enable better security.
Furthermore, leadership needs to provide flexibility and educational opportunities to grow for cybersecurity professionals. If those professionals live in rural areas, there are fewer chances for them to network with local professionals. It is important to fund them and let them participate in cybersecurity events to learn from each other. Equally, it is crucial for cybersecurity professionals to engage with young students from elementary schools to graduate schools, to share their first-hand expertise and inspire them.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
- FedRAMP 20x has drastically cut the time it takes for the US Government to approve a service
- Automation and artificial intelligence can take some of the stress off manual processes
- The GSA is also making moves to centralize procurement to get better deals
The US Government's Federal Risk and Authorisation Management Programme (FedRAMP) has already approved 114 cloud computing services in fiscal 2025, more than double the total number of approved services the previous year.
FedRAMP 20x is to be thanked for the boost – a Biden-era initiative that lives on under the Trump administration, that's aimed at modernizing cloud authorization by cutting down the amount of documentation needed, enabling automation and streamlining decision-making.
In 2024, an Office of Management and Budget memo detailed how "a standardized, reusable approach to security assessments and authorizations for cloud computing products and services" could speed the existing process up.
FedRAMP is approving more cloud contracts than ever
The new process requires machine-readable security indicators that can be analyzed by artificial intelligence even before they reach the human review stage. Currently in pilot phase, phase one will focus on low-impact and lower-security services with phase two testing moderate-impact deals.
Consequently, the US Government has been able to reduce the time it takes to approve a deal from over a year to around five weeks, marking a colossal improvement to the dated system.
"The program is setting a new standard for federal IT modernization and reaffirming GSA’s commitment to delivering smarter, more secure services for Americans," GSA Acting Administrator Michael Rigas explained in a GSA announcement.
FedRAMP Director Pete Waterman added: "FedRAMP 20x has allowed us to rethink the entire authorization model and prove that security and speed can coexist in the federal space."
Trump has also pushed for consolidated IT procurement under the General Services Administration (GSA) while simultaneously looking to acquire government-wide contracts rather than individual department contracts, ultimately leading to huge savings thanks to improved purchasing power.
As a result, we've already seen cloud companies and other tech firms offer weighty discounts to the White House - including AWS, which is giving the US government $1billion credit to keep running its cloud services.
The recent surge in cyberattacks on major UK retailers such as the Co-op and Marks & Spencer has brought home the harsh reality of today’s threat landscape. These breaches haven’t just exposed sensitive data—they’ve caused millions in lost revenue, long-term operational disruption, and reputational damage. For cybercriminals, attacks of this scale serve as proof of the damage they can inflict—and a blueprint for future campaigns.
Cyber threats are no longer rare occurrences. They are relentless, increasingly automated, and difficult to detect. Attackers are exploiting misconfigurations, weak credentials, and unseen trust relationships to move laterally and escalate access—rendering traditional defenses like firewalls and periodic scans no longer sufficient.
Thanks to advances in AI, launching a sophisticated cyberattack now costs next to nothing. Today’s adversaries—from nation-state actors to cybercrime groups—are deploying AI-powered agents capable of disrupting not only individual organizations, but entire sectors. The UK retail incidents may have made headlines, but similar techniques are being used across industries—quietly eroding systems over time.
If there’s one takeaway from these breaches, it’s that they are a wake-up call—an opportunity to separate what’s assumed to be secure from what’s proven to be. Marks & Spencer’s decision to accelerate their tech transformation is the right move, but only if it’s grounded in security that’s continuously validated, not just promised.
Why passive defense is no longer enough
Traditional cybersecurity measures—like firewalls, antivirus software, and compliance checklists—were built for a slower, more predictable threat landscape. They aim to block known threats and tick regulatory boxes, often relying on periodic assessments and static defenses.
But today’s threat actors move faster than these systems can react. They use automation and AI to adapt, persist, and exploit weaknesses in real time. In a world where threats evolve daily, a reactive approach simply can’t keep pace. Organizations need strategies that assume compromise, move proactively, and adapt with the same agility as the attackers they face.
A radically faster threat landscape
We’re in a new reality. With generative AI, developing weaponized exploits no longer requires deep technical expertise—just the right prompt. What once took weeks of work by highly skilled attackers can now be achieved in minutes by anyone with access to the right tools. This levelling of the playing field has dramatically accelerated the pace of cyberattacks.
The moment a vulnerability (CVE) becomes public, attackers begin exploiting it almost instantly. There’s no longer a buffer for defenders to respond. The asymmetric advantage we thought we had—people, process, tools—is eroding because the adversary has something more powerful: tempo. The result is a cyber environment defined by speed, where hesitation or outdated defenses can be costly.
Offence is the best defense
As cyber threats evolve in both speed and sophistication, traditional security measures—while still necessary—are no longer enough on their own. Tools and audits tend to focus on ticking regulatory boxes rather than addressing the weaknesses most likely to be exploited in real-world attacks.
To stay ahead, organizations need to go beyond passive defense and adopt a more adversarial perspective. Offensive security does just that—actively probing systems for weaknesses using techniques such as penetration testing, red teaming, and social engineering simulations. These controlled exercises expose gaps that conventional tools often overlook, giving teams the chance to fix them before malicious actors do.
This shift in approach is becoming crucial. As attackers grow faster and more opportunistic, defenders must become equally agile. Offensive security replaces assumptions with evidence—offering a clear, action-oriented view of where security holds firm and where urgent improvements are needed.
What UK businesses must do now
Many organizations are responding to rising cyber threats by increasing patching cycles and ramping up alert monitoring. But volume alone doesn’t equal security. The real challenge is not visibility, but prioritization. Rather than trying to fix everything at once, security teams must understand where cyber criminals are most likely to strike—and act accordingly.
This is where adversarial testing plays a vital role. Simulating the techniques used by real attackers helps uncover the vulnerabilities that matter most. It moves businesses away from reactive models and towards a more strategic, evidence-based approach to defense.
For UK companies—especially in exposed sectors like retail—key steps include:
- Implementing continuous security testing to keep pace with constant change
- Reviewing and updating incident response strategies to reflect evolving threats
- Investing in threat intelligence and red-teaming to sharpen detection and resilience
Speed isn’t the enemy—assuming you're secure is. Modernizing in a post-breach window can make you stronger, but only if every new system, integration, or control is tested like an attacker would.
Too many organizations skip this step. They make the mistake of equating 'new' with 'secure' and implement changes without knowing what risks they’re introducing. We’re not in the age of zero-days anymore.
We’re in the age of zero hours. The organizations that stay secure won’t be those that react the loudest—but those that challenge assumptions and prove their defenses work, day in and day out.
The role of leadership
Cybersecurity can no longer be treated as a siloed IT concern — it’s a critical business issue that belongs on the board agenda. From operational continuity to customer trust, cyber resilience underpins every facet of modern enterprise. That’s why leadership alignment is essential. Security decisions must be cross-functional, embedded into digital transformation efforts and tied directly to business risk and reputation.
Security-by-design isn’t a checkbox—it’s a mindset. And the only way to know you’re getting it right is to validate like the adversary. That’s how you build real resilience, restore trust, and come back stronger.
From assumptions to assurance
In a threat landscape defined by speed and unpredictability, being proactive isn’t optional — it’s essential. UK retailers and businesses across sectors must move beyond reactive measures and start thinking like attackers. The organizations that will lead in security aren’t those with the most tools, but those with the discipline to test, question, and validate every assumption — before it’s too late.
- ChatGPT-5 scores a low 1.4% on the Hallucination Leaderboard
- This puts it ahead of ChatGPT-4 which scores 1.8% and GPT-4o, which scores 1.49%
- Grok 4 is much higher at 4.8%, with Gemini-2.5 Pro at 2.6%
Sam Altman, OpenAI CEO, launched ChatGPT-5 on Thursday as the most “powerful, smart, fastest, reliable and robust version of ChatGPT that we’ve ever shipped”, and in the presentation, OpenAI staff also emphasized that ChatGPT-5 would “mitigate hallucinations”.
While hallucination rates are dropping amongst almost all LLMs, it's still surprisingly common, and one of the main reasons that we can't trust AI to perform a task without human supervision.
Vectara, the RAG-as-a-Service and AI agent platform that operates the industry’s top hallucination leaderboard for foundation and reasoning models, has put OpenAI’s claims to the test and found that GPT-5 does indeed rank lower for hallucinations than GPT-4, but is only just a little bit lower than GPT-4o (just 0.09% lower, in fact).
According to Vectara, GPT-5 has a grounded hallucination rate of 1.4%, compared to 1.8% for GPT-4, and 1.69% for GPT-4 turbo and 4o mini, with 1.49% for GPT-4o.
Spicy Grok
Interestingly, the ChatGPT-5 hallucination rate came out slightly higher than the ChatGPT-4.5 Preview mode, which scored 1.2%, but it also scored a lot higher than OpenAI’s o3-mini High Reasoning model, which was the best-performing GPT model, with a grounded hallucination rate of 0.795%.
The results of the Vectara tests can be viewed on the Hughes Hallucination Evaluation Model (HHEM) Leaderboard hosted on Hugging Face, which states that, “For an LLM, its hallucination rate is defined as the ratio of summaries that hallucinate to the total number of summaries it generates”.
ChatGPT-5 still hallucinates a lot less than its competition, though, with Gemini-2.5-pro coming in at 2.6% and Grok-4 being much higher at 4.8%.
XAI, the makers of Grok, recently received a lot of criticism for its new “Spicy” mode in Grok Imagine, an AI video generator that seems happy to create deepfake topless videos of celebrities like Taylor Swift, even if nudity had not been requested and the system is supposed to include filters and moderation to prevent actual nudity or anything sexual.
'I lost my best friend'
OpenAI faced an almost immediate backlash when it removed ChatGPT 4, and all its variations like GPT-4o and 4o-mini, from its Plus accounts with the introduction of ChatGPT-5. Many users were incensed that OpenAI gave no warning that the older models were being removed, with some Reddit users saying they had “lost their only friend overnight”.
It now seems like ChatGPT-5 has replaced one of the most reliable versions of ChatGPT (version 4.5), from the hallucination perspective, as well.
Sam Altman quickly posted on X, “We for sure underestimated how much some of the things that people like in GPT-4o matter to them, even if GPT-5 performs better in most ways”, and promised to bring back ChatGPT-4o for Plus users for a limited time, saying, “we will watch usage as we think about how long to offer legacy models for”.