2020
DOI: 10.1111/isj.12319
|View full text |Cite
|
Sign up to set email alerts
|

When enough is enough: Investigating the antecedents and consequences of information security fatigue

Abstract: Despite concerns raised by practitioners, the potential downside of the information security demands imposed by organizations on their employees has received limited scholarly attention. Our research focuses on information security fatigue (hereafter security fatigue), which is defined as a socio‐emotional state experienced by an individual who is tired of and disillusioned with security policies and their associated guidelines and procedures. This research delves into the security fatigue concept, investigate… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

0
14
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
8
1

Relationship

0
9

Authors

Journals

citations
Cited by 33 publications
(14 citation statements)
references
References 50 publications
0
14
0
Order By: Relevance
“…D'Arcy and Teh (2019) found that people who feel fatigue may be more likely to use neutralization techniques to violate ISPs. Employees who experience security fatigue may be less likely to strictly comply with the ISP (Furnell and Thomson, 2009; Turel et al , 2019), which has negative consequences for organizational information security efforts (Cram et al , 2021).…”
Section: Introductionmentioning
confidence: 99%
“…D'Arcy and Teh (2019) found that people who feel fatigue may be more likely to use neutralization techniques to violate ISPs. Employees who experience security fatigue may be less likely to strictly comply with the ISP (Furnell and Thomson, 2009; Turel et al , 2019), which has negative consequences for organizational information security efforts (Cram et al , 2021).…”
Section: Introductionmentioning
confidence: 99%
“…Rather, security fatigue is a gradual process experienced by employees who have been complying with security guidelines, but this adherence to guidelines becomes more burdensome and difficult over time. My preliminary research on security fatigue suggests that it too can lead to employees' non-compliance with ISP as well as a general minimization of effort toward IS security objectives (Cram et al, 2019b).…”
mentioning
confidence: 98%
“…Related to this point, there is evidence that a new phenomenoncalled "security fatigue"is occurring in the workplace. Security fatigue refers to a socio-emotional state experienced by an individual who becomes tired and disillusioned with security-related initiatives (Cram et al, 2019b). Research on security fatigue is at an early stage but it is thought that some employees may experience security fatigue due to the abundance (and perhaps perceived overload) of security-related rules and communications that they experience.…”
mentioning
confidence: 99%
“…Researchers at the National Institute of Standards and Technology raised awareness on security fatigue due to its unimpeded effort and challenges on information security (Stanton et al, 2016). Researchers publish articles on security fatigue (Cram, Proudfoot, & D'Arcy, 2019;Stanton et al, 2016); however, business organizations fail to account for the phenomenon. Nobles (2019) argued that issues such as security fatigue continue to plague information security, cybersecurity, and data privacy because human factors practitioners are not engaged in supporting cybersecurity.…”
Section: Security Fatiguementioning
confidence: 99%