Factors contributing to cybersecurity fatigue

Cassidy Norton; Zainab Ruhwanya; Jacques Ophoff

doi:10.1007/978-3-032-02504-3_14

Factors contributing to cybersecurity fatigue

Cassidy Norton, Zainab Ruhwanya^*, Jacques Ophoff

^*Corresponding author for this work

Department of Cybersecurity and Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees’ negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study’s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.

Original language	English
Title of host publication	Human Aspects of Information Security and Assurance
Subtitle of host publication	19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, proceedings
Editors	Steven Furnell, Nathan Clarke
Place of Publication	Cham
Publisher	Springer
Pages	198-211
Number of pages	14
ISBN (Electronic)	9783032025043
ISBN (Print)	9783032025036, 9783032025067
DOIs	https://doi.org/10.1007/978-3-032-02504-3_14
Publication status	Published - 30 Oct 2025
Event	19th International Symposium on Human Aspects of Information Security & Assurance - University of the Aegean, Mytilene, Greece Duration: 7 Jul 2025 → 9 Jul 2025 Conference number: 19th https://haisa.org/

Publication series

Name	IFIP Advances in Information and Communication Technology (IFIP AICT)
Publisher	Springer
Volume	761
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	19th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated title	HAISA 2025
Country/Territory	Greece
City	Mytilene
Period	7/07/25 → 9/07/25
Internet address	https://haisa.org/

Keywords

Cybersecurity
Fatigue
Case study

Access to Document

10.1007/978-3-032-02504-3_14

Embargoed Document

Ophoff_FactorsContributingToCybersecurityFatigue_Accepted_2025
Accepted author manuscript, 629 KB
Embargo ends: 30/10/26

Cite this

Norton, C., Ruhwanya, Z., & Ophoff, J. (2025). Factors contributing to cybersecurity fatigue. In S. Furnell, & N. Clarke (Eds.), Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, proceedings (pp. 198-211). (IFIP Advances in Information and Communication Technology (IFIP AICT); Vol. 761). Springer. https://doi.org/10.1007/978-3-032-02504-3_14

Norton, Cassidy ; Ruhwanya, Zainab ; Ophoff, Jacques. / Factors contributing to cybersecurity fatigue. Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, proceedings. editor / Steven Furnell ; Nathan Clarke. Cham : Springer, 2025. pp. 198-211 (IFIP Advances in Information and Communication Technology (IFIP AICT)).

@inproceedings{ae14de29e65246d6856a7c401e3387d9,

title = "Factors contributing to cybersecurity fatigue",

abstract = "Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees{\textquoteright} negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study{\textquoteright}s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.",

author = "Cassidy Norton and Zainab Ruhwanya and Jacques Ophoff",

note = "{\textcopyright} 2026 IFIP International Federation for Information Processing Data availability statement: Not present.; 19th International Symposium on Human Aspects of Information Security \& Assurance, HAISA 2025 ; Conference date: 07-07-2025 Through 09-07-2025",

year = "2025",

month = oct,

day = "30",

doi = "10.1007/978-3-032-02504-3\_14",

language = "English",

isbn = "9783032025036",

series = "IFIP Advances in Information and Communication Technology (IFIP AICT)",

publisher = "Springer",

pages = "198--211",

editor = "Steven Furnell and Nathan Clarke",

booktitle = "Human Aspects of Information Security and Assurance",

url = "https://haisa.org/",

}

Norton, C, Ruhwanya, Z & Ophoff, J 2025, Factors contributing to cybersecurity fatigue. in S Furnell & N Clarke (eds), Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, proceedings. IFIP Advances in Information and Communication Technology (IFIP AICT), vol. 761, Springer, Cham, pp. 198-211, 19th International Symposium on Human Aspects of Information Security & Assurance, Mytilene, Greece, 7/07/25. https://doi.org/10.1007/978-3-032-02504-3_14

Factors contributing to cybersecurity fatigue. / Norton, Cassidy; Ruhwanya, Zainab; Ophoff, Jacques.
Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, proceedings. ed. / Steven Furnell; Nathan Clarke. Cham: Springer, 2025. p. 198-211 (IFIP Advances in Information and Communication Technology (IFIP AICT); Vol. 761).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Factors contributing to cybersecurity fatigue

AU - Norton, Cassidy

AU - Ruhwanya, Zainab

AU - Ophoff, Jacques

N1 - Conference code: 19th

PY - 2025/10/30

Y1 - 2025/10/30

N2 - Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees’ negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study’s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.

AB - Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees’ negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study’s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.

U2 - 10.1007/978-3-032-02504-3_14

DO - 10.1007/978-3-032-02504-3_14

M3 - Conference contribution

SN - 9783032025036

SN - 9783032025067

T3 - IFIP Advances in Information and Communication Technology (IFIP AICT)

SP - 198

EP - 211

BT - Human Aspects of Information Security and Assurance

A2 - Furnell, Steven

A2 - Clarke, Nathan

PB - Springer

CY - Cham

T2 - 19th International Symposium on Human Aspects of Information Security & Assurance

Y2 - 7 July 2025 through 9 July 2025

ER -

Norton C, Ruhwanya Z, Ophoff J. Factors contributing to cybersecurity fatigue. In Furnell S, Clarke N, editors, Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, proceedings. Cham: Springer. 2025. p. 198-211. (IFIP Advances in Information and Communication Technology (IFIP AICT)). Epub 2025 Oct 30. doi: 10.1007/978-3-032-02504-3_14

Factors contributing to cybersecurity fatigue

Abstract

Publication series

Conference

Keywords

Access to Document

Embargoed Document

Fingerprint

Cite this