Security Fatigue: A Case Study of Data Specialists

Abstract

Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.