Skip to main content
SpringerLink
Log in
Book cover

International Conference on Human-Computer Interaction

HCII 2020: HCI for Cybersecurity, Privacy and Trust pp 217–231Cite as

Sleeping with the Enemy: Does Depletion Cause Fatigue with Cybersecurity?

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12210))

Abstract

Cybersecurity training and awareness programs can act to exacerbate rather than improve the cybersecurity threat posed by naïve and non-malicious actions of employees [1, 2]. Employees report being unable to keep up with cybersecurity demands while also managing their core workload [1]. Cyber Fatigue is a weariness, aversion, or lack of motivation regarding cybersecurity [3]. It manifests due to overexposure to cybersecurity and a lack of available cognitive or workplace resources to cope with its demands. The current study examined the effect of non-attitudinal fatigue, which results from repetitive cybersecurity actions, on password-creation behaviour. Data collection involved an online experimental task and a set of standardised and adapted psychometric measures. Based on previous research [4, 5], cyber fatigue was induced in the two experimental conditions using a CAPTCHA task. The study was completed by 187 (97 male, 90 female) employed adult participants. However, we found no significant relationship between depletion and password creation behaviours. Our findings have important practical implications for interventions and provides insight for training aimed at improving employee behaviour.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Stanton, B., et al.: Security fatigue. IT Prof. 18(5), 26–32 (2016)

    Article  Google Scholar 

  2. Furnell, S., Thomson, K.-L.: Recognising and addressing ‘security fatigue’. Comput. Fraud Secur. 2009(11), 7–11 (2009)

    Article  Google Scholar 

  3. Reeves, A., Calic, D., Delfabbro, P.: Encouraging employee engagement with cyber security: how to tackle cyber fatigue. SAGE Open: Special Collection on Organizational Cybersecurity (2020, submitted)

    Google Scholar 

  4. Coopamootoo, K.P.L., Groß, T., Pratama, M.F.R.: An empirical investigation of security fatigue: the case of password choice after solving a CAPTCHA. In: LASER 2017, Arlington, VA, USA, pp. 39–48 (2017)

    Google Scholar 

  5. Groß, T., Coopamootoo, K.P.L., Al-Jabri, A.: Effect of cognitive depletion on password choice. In: LASER 2016, San Jose, CA, p. 55–66 (2016)

    Google Scholar 

  6. Telstra Corporation: Telstra Security Report 2019 (2019). https://www.telstra.com.au/content/dam/shared-component-assets/tecom/campaigns/security-report/Summary-Report-2019-LR.pdf

  7. Pattinson, M., Butavicius, M., Parsons, K., McCormac, A., Calic, D.: Factors that influence information security behavior: an Australian web-based study. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 231–241. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20376-8_21

    Chapter  Google Scholar 

  8. Choi, H., Park, J., Jung, Y.: The role of privacy fatigue in online privacy behavior. Comput. Hum. Behav. 81, 42–51 (2018)

    Article  Google Scholar 

  9. Baumeister, R.F., Vohs, K.D.: Chapter two - strength model of self-regulation as limited resource: assessment, controversies, update. In: Olson, J.M., Zanna, M.P. (eds.) Advances in Experimental Social Psychology, pp. 67–127. Academic Press, Cambridge (2016)

    Google Scholar 

  10. Liang, H., Xue, Y.: Avoidance of information technology threats: a theoretical perspective (technology threat avoidance theory) (Report). MIS Q. 33(1), 71 (2009)

    Article  Google Scholar 

  11. Abraham, S., Chengalur-Smith, I.: Evaluating the effectiveness of learner controlled information security training. Comput. Secur. 87, 101586 (2019)

    Article  Google Scholar 

  12. Ameen, N., et al.: Employees’ behavioural intention to smartphone security: a gender-based, cross-national study. Comput. Hum. Behav. 104, 106184 (2020)

    Article  Google Scholar 

  13. Hina, S., Panneer Selvam, D.D.D., Lowry, P.B.: Institutional governance and protection motivation: theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world. Comput. Secur. 87, 101594 (2019)

    Article  Google Scholar 

  14. Wall, J.D., Buche, M.W.: To fear or not to fear? A critical review and analysis of fear appeals in the information security context. Commun. Assoc. Inf. Syst. 41, 277–300 (2017)

    Google Scholar 

  15. Amran, A., Zaaba, Z.F., Mahinderjit Singh, M.K.: Habituation effects in computer security warning, pp. 119–131. Taylor & Francis (2018)

    Google Scholar 

  16. Groß, T., Coopamootoo, K.P.L., Al-Jabri, A.: Effect of cognitive depletion on password choice. In: The {LASER} Workshop: Learning from Authoritative Security Experiment Results ({LASER} 2016), San Jose, CA (2016)

    Google Scholar 

  17. Kroenung, J., Eckhardt, A.: The attitude cube – a three-dimensional model of situational factors in IS adoption and their impact on the attitude-behavior relationship. Inf. Manag. 52(6), 611 (2015)

    Article  Google Scholar 

  18. Zolotov, M., Oliveira, T., Casteleyn, S.: E-participation adoption models research in the last 17 years: a weight and meta-analytical review. Comput. Hum. Behav. 81, 350–365 (2018)

    Article  Google Scholar 

  19. Lowry, P.B., Moody, G.D.: Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies. Inf. Syst. J. 25(5), 433–463 (2015)

    Article  Google Scholar 

  20. Groß, T., Coopamootoo, K., Al-Jabri, A.: Effect of cognitive depletion on password choice extended technical report (2019)

    Google Scholar 

  21. Popay, J., et al.: Guidance on the conduct of narrative synthesis in systematic reviews. A product from the ESRC Methods Programme, version 1 (2006)

    Google Scholar 

  22. Danziger, S., Levav, J., Avnaim-Pesso, L.: Extraneous factors in judicial decisions. Proc. Natl. Acad. Sci. 108(17), 6889–6892 (2011)

    Article  Google Scholar 

  23. Hagger, M.S., et al.: Ego depletion and the strength model of self-control: a meta-analysis. Psychol. Bull. 136(4), 495–525 (2010)

    Article  Google Scholar 

  24. Dang, J.: An updated meta-analysis of the ego depletion effect. Psychol. Res. 82(4), 645–651 (2017). https://doi.org/10.1007/s00426-017-0862-x

    Article  Google Scholar 

  25. Abdullah, F., Ward, R.: Developing a general extended technology acceptance model for E-learning (GETAMEL) by analysing commonly used external factors. Comput. Hum. Behav. 56(C), 238–256 (2016)

    Article  Google Scholar 

  26. Vohs, K.D., Faber, R.J.: Spent resources: self-regulatory resource availability affects impulse buying. J. Consum. Res. 33(4), 537–547 (2007)

    Article  Google Scholar 

  27. Vohs, K.D., Heatherton, T.F.: Self-regulatory failure: a resource-depletion approach. Psychol. Sci. 11(3), 249–254 (2000)

    Article  Google Scholar 

  28. Gailliot, M.T., et al.: Breaking the rules: low trait or state self-control increases social norm violations. Psychology 3(12), 1074 (2012)

    Article  Google Scholar 

  29. DeWall, C.N., et al.: How leaders self-regulate their task performance: evidence that power promotes diligence, depletion, and disdain. In: Self-Regulation and Self-Control, Routledge, pp. 340–378 (2018)

    Google Scholar 

  30. Wang, J., et al.: Trade-offs and depletion in choice. J. Mark. Res. 47(5), 910–919 (2010)

    Article  Google Scholar 

  31. Mamonov, S., Benbunan-Fich, R.: The impact of information security threat awareness on privacy-protective behaviors. Comput. Hum. Behav. 83(C), 32–44 (2018)

    Article  Google Scholar 

  32. Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: Proceedings of the 25th USENIX Conference on Security Symposium, pp. 175–191. USENIX Association, Austin (2016)

    Google Scholar 

  33. Wheeler, D.: zxcvbn: low-budget password strength estimation. In: 25th USENIX Security Symposium (USENIX Security 16), Austin, TX (2016)

    Google Scholar 

  34. Hart, S.G., Staveland, L.E.: Development of NASA-TLX (Task Load Index): results of empirical and theoretical research. In: Advances in Psychology, pp. 139–183. Elsevier (1988)

    Google Scholar 

  35. Mayer, J.D., Gaschke, Y.N.: The brief mood introspection scale (BMIS) (1988)

    Google Scholar 

  36. Baumeister, R.F., et al.: Ego depletion: is the active self a limited resource? J. Pers. Soc. Psychol. 74(5), 1252–1265 (1998)

    Article  Google Scholar 

  37. Malimage, K.: The role of habit in information security behaviors. In: Warkentin, M., et al. (eds.) ProQuest Dissertations Publishing (2013)

    Google Scholar 

  38. Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM, Vancouver (2011)

    Google Scholar 

  39. Vohs, K.D., et al.: Depletion enhances urges and feelings. (Unpublished manuscript). University of Minnesota, Minneapolis, MN (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Psychology, University of Adelaide, Adelaide, South Australia, Australia

    Andrew Reeves & Paul Delfabbro

  2. Defence Science and Technology Group, Edinburgh, South Australia, Australia

    Dragana Calic

Authors
  1. Andrew Reeves
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dragana Calic
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paul Delfabbro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrew Reeves .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Reeves, A., Calic, D., Delfabbro, P. (2020). Sleeping with the Enemy: Does Depletion Cause Fatigue with Cybersecurity?. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-50309-3_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-50308-6

  • Online ISBN: 978-3-030-50309-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation