Abstract
Cybersecurity training and awareness programs can act to exacerbate rather than improve the cybersecurity threat posed by naïve and non-malicious actions of employees [1, 2]. Employees report being unable to keep up with cybersecurity demands while also managing their core workload [1]. Cyber Fatigue is a weariness, aversion, or lack of motivation regarding cybersecurity [3]. It manifests due to overexposure to cybersecurity and a lack of available cognitive or workplace resources to cope with its demands. The current study examined the effect of non-attitudinal fatigue, which results from repetitive cybersecurity actions, on password-creation behaviour. Data collection involved an online experimental task and a set of standardised and adapted psychometric measures. Based on previous research [4, 5], cyber fatigue was induced in the two experimental conditions using a CAPTCHA task. The study was completed by 187 (97 male, 90 female) employed adult participants. However, we found no significant relationship between depletion and password creation behaviours. Our findings have important practical implications for interventions and provides insight for training aimed at improving employee behaviour.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Stanton, B., et al.: Security fatigue. IT Prof. 18(5), 26–32 (2016)
Furnell, S., Thomson, K.-L.: Recognising and addressing ‘security fatigue’. Comput. Fraud Secur. 2009(11), 7–11 (2009)
Reeves, A., Calic, D., Delfabbro, P.: Encouraging employee engagement with cyber security: how to tackle cyber fatigue. SAGE Open: Special Collection on Organizational Cybersecurity (2020, submitted)
Coopamootoo, K.P.L., Groß, T., Pratama, M.F.R.: An empirical investigation of security fatigue: the case of password choice after solving a CAPTCHA. In: LASER 2017, Arlington, VA, USA, pp. 39–48 (2017)
Groß, T., Coopamootoo, K.P.L., Al-Jabri, A.: Effect of cognitive depletion on password choice. In: LASER 2016, San Jose, CA, p. 55–66 (2016)
Telstra Corporation: Telstra Security Report 2019 (2019). https://www.telstra.com.au/content/dam/shared-component-assets/tecom/campaigns/security-report/Summary-Report-2019-LR.pdf
Pattinson, M., Butavicius, M., Parsons, K., McCormac, A., Calic, D.: Factors that influence information security behavior: an Australian web-based study. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 231–241. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20376-8_21
Choi, H., Park, J., Jung, Y.: The role of privacy fatigue in online privacy behavior. Comput. Hum. Behav. 81, 42–51 (2018)
Baumeister, R.F., Vohs, K.D.: Chapter two - strength model of self-regulation as limited resource: assessment, controversies, update. In: Olson, J.M., Zanna, M.P. (eds.) Advances in Experimental Social Psychology, pp. 67–127. Academic Press, Cambridge (2016)
Liang, H., Xue, Y.: Avoidance of information technology threats: a theoretical perspective (technology threat avoidance theory) (Report). MIS Q. 33(1), 71 (2009)
Abraham, S., Chengalur-Smith, I.: Evaluating the effectiveness of learner controlled information security training. Comput. Secur. 87, 101586 (2019)
Ameen, N., et al.: Employees’ behavioural intention to smartphone security: a gender-based, cross-national study. Comput. Hum. Behav. 104, 106184 (2020)
Hina, S., Panneer Selvam, D.D.D., Lowry, P.B.: Institutional governance and protection motivation: theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world. Comput. Secur. 87, 101594 (2019)
Wall, J.D., Buche, M.W.: To fear or not to fear? A critical review and analysis of fear appeals in the information security context. Commun. Assoc. Inf. Syst. 41, 277–300 (2017)
Amran, A., Zaaba, Z.F., Mahinderjit Singh, M.K.: Habituation effects in computer security warning, pp. 119–131. Taylor & Francis (2018)
Groß, T., Coopamootoo, K.P.L., Al-Jabri, A.: Effect of cognitive depletion on password choice. In: The {LASER} Workshop: Learning from Authoritative Security Experiment Results ({LASER} 2016), San Jose, CA (2016)
Kroenung, J., Eckhardt, A.: The attitude cube – a three-dimensional model of situational factors in IS adoption and their impact on the attitude-behavior relationship. Inf. Manag. 52(6), 611 (2015)
Zolotov, M., Oliveira, T., Casteleyn, S.: E-participation adoption models research in the last 17 years: a weight and meta-analytical review. Comput. Hum. Behav. 81, 350–365 (2018)
Lowry, P.B., Moody, G.D.: Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies. Inf. Syst. J. 25(5), 433–463 (2015)
Groß, T., Coopamootoo, K., Al-Jabri, A.: Effect of cognitive depletion on password choice extended technical report (2019)
Popay, J., et al.: Guidance on the conduct of narrative synthesis in systematic reviews. A product from the ESRC Methods Programme, version 1 (2006)
Danziger, S., Levav, J., Avnaim-Pesso, L.: Extraneous factors in judicial decisions. Proc. Natl. Acad. Sci. 108(17), 6889–6892 (2011)
Hagger, M.S., et al.: Ego depletion and the strength model of self-control: a meta-analysis. Psychol. Bull. 136(4), 495–525 (2010)
Dang, J.: An updated meta-analysis of the ego depletion effect. Psychol. Res. 82(4), 645–651 (2017). https://doi.org/10.1007/s00426-017-0862-x
Abdullah, F., Ward, R.: Developing a general extended technology acceptance model for E-learning (GETAMEL) by analysing commonly used external factors. Comput. Hum. Behav. 56(C), 238–256 (2016)
Vohs, K.D., Faber, R.J.: Spent resources: self-regulatory resource availability affects impulse buying. J. Consum. Res. 33(4), 537–547 (2007)
Vohs, K.D., Heatherton, T.F.: Self-regulatory failure: a resource-depletion approach. Psychol. Sci. 11(3), 249–254 (2000)
Gailliot, M.T., et al.: Breaking the rules: low trait or state self-control increases social norm violations. Psychology 3(12), 1074 (2012)
DeWall, C.N., et al.: How leaders self-regulate their task performance: evidence that power promotes diligence, depletion, and disdain. In: Self-Regulation and Self-Control, Routledge, pp. 340–378 (2018)
Wang, J., et al.: Trade-offs and depletion in choice. J. Mark. Res. 47(5), 910–919 (2010)
Mamonov, S., Benbunan-Fich, R.: The impact of information security threat awareness on privacy-protective behaviors. Comput. Hum. Behav. 83(C), 32–44 (2018)
Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: Proceedings of the 25th USENIX Conference on Security Symposium, pp. 175–191. USENIX Association, Austin (2016)
Wheeler, D.: zxcvbn: low-budget password strength estimation. In: 25th USENIX Security Symposium (USENIX Security 16), Austin, TX (2016)
Hart, S.G., Staveland, L.E.: Development of NASA-TLX (Task Load Index): results of empirical and theoretical research. In: Advances in Psychology, pp. 139–183. Elsevier (1988)
Mayer, J.D., Gaschke, Y.N.: The brief mood introspection scale (BMIS) (1988)
Baumeister, R.F., et al.: Ego depletion: is the active self a limited resource? J. Pers. Soc. Psychol. 74(5), 1252–1265 (1998)
Malimage, K.: The role of habit in information security behaviors. In: Warkentin, M., et al. (eds.) ProQuest Dissertations Publishing (2013)
Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604. ACM, Vancouver (2011)
Vohs, K.D., et al.: Depletion enhances urges and feelings. (Unpublished manuscript). University of Minnesota, Minneapolis, MN (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Reeves, A., Calic, D., Delfabbro, P. (2020). Sleeping with the Enemy: Does Depletion Cause Fatigue with Cybersecurity?. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-50309-3_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer ScienceComputer Science (R0)