When it comes to security controls and communications, more may be less. More complex security requirements, increased security communication, and complex security policies may actually lead to less secure end-user behaviors. Why? Security fatigue -- users simply feel worn out by having to deal with information security. In this episode of Cyber Ways, Dr. John D’Arcy of the University of Delaware joins us to discuss his research (conducted with Alec Cram of the University of Waterloo, and Jeffrey Proudfoot of Bentley University) on the causes, symptoms, and consequences of security fatigue.

Citation: Cram, W. A., Proudfoot, J. G., & D'Arcy, J. (2021). When enough is enough: Investigating the antecedents and consequences of information security fatigue. Information Systems Journal, 31(4), 521-549.

Intro audio for the Cyber Ways Podcast

Outro audio for Cyber Ways Podcast

Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.

https://business.latech.edu/cyberways/