Security fatigue is causing computer users to indulge in risky behaviour, both in computing and their personal lives, a study by the US National Institute of Standards and Technology claims.
The study came to this conclusion after analysing data from a qualitative study on computer users’ perception and their beliefs about cybersecurity and online privacy. (The study can be downloaded here after payment.)
Those interviewed ranged in age from 20s to 60s, and were from urban, suburban and rural areas. They were employed in a variety of jobs.
The study defined security fatigue as a weariness or a reluctance to deal with issues of computer security.
The study, published in the IEEE’s IT Professional, looked at computer use in the workplace and home. There was a specific focus on online activity, including shopping and banking, computer security, security terminology, and security icons and tools.
Cognitive psychologist Brian Stanton, a co-author of the study, said: “The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people’s everyday life.
“It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet.”
“If people can’t use security, they are not going to, and then we and our nation won’t be secure.”
The study found that most average computer users felt overwhelmed and bombarded, and got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.
It said that when users were asked to make more computer security decisions than they are able to manage, they experienced decision fatigue, which leads to security fatigue.
The study concluded that this weariness could lead to feelings of resignation and loss of control. This, in turn, could lead to avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules.
The study said there were three ways to ease security fatigue and help users maintain secure online habits and behavior. They are:
- Limit the number of security decisions users need to make;
- Make it simple for users to choose the right security action; and
- Design for consistent decision-making whenever possible.