Security fatigue: a case study of data specialists

Anusha Bhana, Jacques Ophoff*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.
Original languageEnglish
Title of host publicationHuman Aspects of Information Security and Assurance
Subtitle of host publication16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings
EditorsNathan Clarke, Steven Furnell
Place of PublicationCham
PublisherSpringer
Pages275-284
Number of pages10
ISBN (Electronic)9783031121722
ISBN (Print)9783031121715
DOIs
Publication statusPublished - 22 Jul 2022
Event16th International Symposium on Human Aspects of Information Security & Assurance - Heliotrope Hotel, Mytilene, Greece
Duration: 6 Jul 20227 Jul 2022
Conference number: 16th
https://www.haisa.org/

Publication series

NameIFIP Advances in Information and Communication Technology (IFIP AICT)
PublisherSpringer
Volume658
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference16th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated titleHAISA 2022
Country/TerritoryGreece
CityMytilene
Period6/07/227/07/22
Internet address

Keywords

  • Information security
  • Security fatigue
  • Data specialist

Cite this