Latest News

‘Cyber security fatigue’ is now rampant

cyber security

A recent study from the National Institute of Standards and Technology (NIST) has found that ‘cyber security fatigue’ is taking over, causing computer users to make risky decisions.

The study drew on data from a qualitative study on computer users’ perceptions and beliefs about cyber security and online privacy. Subjects ranged in ages from their 20s to 60s, resided in urban, suburban and rural areas, and had a variety of occupations.

As stated by one of the study’s subjects, “I don’t pay any attention to those things anymore… People get weary from being bombarded by ‘watch out for this or watch out for that.’”

The research team found that the majority of average computer users feel overwhelmed and bombarded, and are tired of being on constant alert, adopting safe behaviour and trying to understand the nuances of cyber security.

“We weren’t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data,” said computer scientist and co-author Mary Theofanos.

“Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cyber security expanding and what it has done to people.”

According to the study, participants questioned their likeliness of being targeted in a cyber attack; many felt that they are not important enough for anyone to want to steal their information.

Conversely, they also questioned how they could effectively protect their data when large organisations seem to fall victim to cyber attacks often.

Subjects with the most positive attitude were found to be those who had experience with cyber crime. Many of the above-mentioned subjects had not directly experienced a cyber attack.

The study suggested three ways to prevent cyber security fatigue:

  1. Limit the number of security decisions users need to make
  2. Make it simple for users to choose the right security action
  3. Design for consistent decision-making whenever possible

“If people can’t use security they are not going to,” said Brian Stanton, psychologist and co-author of the study.

Send this to a friend