Factors Contributing to Cybersecurity Fatigue
摘要
Cybersecurity fatigue is emerging as a critical issue for organisations, particularly those operating in cloud computing environments, where the protection of both company and client data is paramount. As cyber threats increase, providers have introduced strict security protocols and mandatory training. However, heightened cybersecurity measures can have a negative psychological impacts on employees. This study adopted an interpretivist, qualitative approach, using semi-structured interviews with employees from various departments to explore the causes and behavioural impacts of cybersecurity fatigue. The findings identified several key contributors: repetitive access requests, security checks overload, decision fatigue, and a poor understanding of cybersecurity risk. These factors negatively influenced employee behaviour, leading to the neglect of security protocols, abandonment of tasks, and disengagement from training. Attitudinal fatigue, employees’ negative perceptions of cybersecurity, emerged as a critical influence on compliance and overall cyber resilience. We recommend implementing contextualised training with real-world examples and streamlining security processes to reduce workflow disruption and frustration. A conceptual model is proposed by integrating the study’s findings with the four-component model of cybersecurity fatigue, offering a foundation for future research. This model may be useful for examining cybersecurity fatigue and developing targeted interventions to reduce its impact.