Security fatigue: a case study of data specialists

Anusha Bhana; Jacques Ophoff

doi:10.1007/978-3-031-12172-2_22

Security fatigue: a case study of data specialists

Anusha Bhana, Jacques Ophoff^*

^*Corresponding author for this work

SDI - Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.

Original language	English
Title of host publication	Human Aspects of Information Security and Assurance
Subtitle of host publication	16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings
Editors	Nathan Clarke, Steven Furnell
Place of Publication	Cham
Publisher	Springer
Pages	275-284
Number of pages	10
ISBN (Electronic)	9783031121722
ISBN (Print)	9783031121715
DOIs	https://doi.org/10.1007/978-3-031-12172-2_22
Publication status	Published - 22 Jul 2022
Event	16th International Symposium on Human Aspects of Information Security & Assurance - Heliotrope Hotel, Mytilene, Greece Duration: 6 Jul 2022 → 7 Jul 2022 Conference number: 16th https://www.haisa.org/

Publication series

Name	IFIP Advances in Information and Communication Technology (IFIP AICT)
Publisher	Springer
Volume	658
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	16th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated title	HAISA 2022
Country/Territory	Greece
City	Mytilene
Period	6/07/22 → 7/07/22
Internet address	https://www.haisa.org/

Keywords

Information security
Security fatigue
Data specialist

Access to Document

10.1007/978-3-031-12172-2_22

Embargoed Document

Ophoff_SecurityFatigue_Accepted_2022
Accepted author manuscript, 337 KB
Embargo ends: 22/07/23

Cite this

Bhana, A., & Ophoff, J. (2022). Security fatigue: a case study of data specialists. In N. Clarke, & S. Furnell (Eds.), Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings (pp. 275-284). (IFIP Advances in Information and Communication Technology (IFIP AICT); Vol. 658). Springer. https://doi.org/10.1007/978-3-031-12172-2_22

Bhana, Anusha ; Ophoff, Jacques. / Security fatigue : a case study of data specialists. Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings. editor / Nathan Clarke ; Steven Furnell. Cham : Springer, 2022. pp. 275-284 (IFIP Advances in Information and Communication Technology (IFIP AICT)).

@inproceedings{b6218b4e9117476e9cbaacf1b60a5da2,

title = "Security fatigue: a case study of data specialists",

abstract = "Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.",

author = "Anusha Bhana and Jacques Ophoff",

note = "Funding information: This work is based on the research supported wholly / in part by the National Research Foundation of South Africa (Grant Numbers 114838); 16th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2022 ; Conference date: 06-07-2022 Through 07-07-2022",

year = "2022",

month = jul,

day = "22",

doi = "10.1007/978-3-031-12172-2_22",

language = "English",

isbn = "9783031121715",

series = "IFIP Advances in Information and Communication Technology (IFIP AICT)",

publisher = "Springer",

pages = "275--284",

editor = "Nathan Clarke and Steven Furnell",

booktitle = "Human Aspects of Information Security and Assurance",

url = "https://www.haisa.org/",

}

Bhana, A & Ophoff, J 2022, Security fatigue: a case study of data specialists. in N Clarke & S Furnell (eds), Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings. IFIP Advances in Information and Communication Technology (IFIP AICT), vol. 658, Springer, Cham, pp. 275-284, 16th International Symposium on Human Aspects of Information Security & Assurance, Mytilene, Greece, 6/07/22. https://doi.org/10.1007/978-3-031-12172-2_22

Security fatigue : a case study of data specialists. / Bhana, Anusha; Ophoff, Jacques.

Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings. ed. / Nathan Clarke; Steven Furnell. Cham : Springer, 2022. p. 275-284 (IFIP Advances in Information and Communication Technology (IFIP AICT); Vol. 658).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Security fatigue

T2 - 16th International Symposium on Human Aspects of Information Security & Assurance

AU - Bhana, Anusha

AU - Ophoff, Jacques

N1 - Conference code: 16th

PY - 2022/7/22

Y1 - 2022/7/22

N2 - Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.

AB - Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.

U2 - 10.1007/978-3-031-12172-2_22

DO - 10.1007/978-3-031-12172-2_22

M3 - Conference contribution

SN - 9783031121715

T3 - IFIP Advances in Information and Communication Technology (IFIP AICT)

SP - 275

EP - 284

BT - Human Aspects of Information Security and Assurance

A2 - Clarke, Nathan

A2 - Furnell, Steven

PB - Springer

CY - Cham

Y2 - 6 July 2022 through 7 July 2022

ER -

Bhana A, Ophoff J. Security fatigue: a case study of data specialists. In Clarke N, Furnell S, editors, Human Aspects of Information Security and Assurance: 16th IFIP WG 11.12 International Symposium, HAISA 2022, Mytilene, Lesbos, Greece, July 6–8, 2022, Proceedings. Cham: Springer. 2022. p. 275-284. (IFIP Advances in Information and Communication Technology (IFIP AICT)). https://doi.org/10.1007/978-3-031-12172-2_22