The continuous warnings for unsafe software and cyber crime causes 'security fatigue' that stops people from keeping themselves safe. They get tired from remembering numerous passwords and from the large amount of software updates they have to perform. Being continuous alert wears out people, a study from the National Institute of Standards and Technology (NIST) finds.
Unfortunately this causes risky computing behavior at work and in their personal lives. Initially the researchers did a qualitative study on computer users’ perception and beliefs about cybersecurity and online privacy.
"We weren’t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data", computer scientist and co-author Mary Theofanos states in the press release announcing the findings of the study.
The findings that people suffer from security fatigue is important, co-author Brian Stanton adds, "It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet."
Besides being tired from all the warnings, people also think they're not an interesting target for cybercriminals. They felt they weren't important enough for criminals that wanted their data and they also didn't know anyone who had ever been hacked.
Often the participants in the study also felt that computer security wasn't their responsibility, they argued that the bank, online store or someone with more experience should secure them. Besides that, they also wondered how they could protect themselves while large organisations are frequently in the news being successfully attacked by cybercriminals.
The researchers recommend to limit the number of security decisions users need to make, to make it simple for users to choose the right security action and to design for consistent decision making whenever possible.
