Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees’ negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study’s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Factors Contributing to Cybersecurity Fatigue

  • Cassidy Norton,
  • Zainab Ruhwanya,
  • Jacques Ophoff

摘要

Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees’ negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study’s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.