Paper Number
3037
Paper Type
Complete
Abstract
This study empirically investigates the role of information security fatigue (ISF) in cybersecurity protection behaviors of non-IT professionals. Drawing on three theoretical lens—Protection Motivation Theory, Theory of Reasoned Action, and Instrumental View of Organizational Culture, we examine both direct and moderating effects of ISF on cybersecurity behaviors in a multifaceted yet parsimonious model. The study documents that ISF negatively affects cybersecurity behaviors, even with a strong cybersecurity culture. This research contributes to both research and practice. For research, it integrates ISF into the broader discourse on cybersecurity behaviors, highlighting fatigue as a critical variable that warrants further exploration in cybersecurity research. For practice, the study offers insights that in the presence of security fatigue, a strong organizational cybersecurity culture might not contribute to mitigating cybersecurity risks; thus steps may be needed to reduce fatigue and its multifaceted effects.
Recommended Citation
Mohsin, Mohammad and Palvia, Prashant, "Unraveling the Role of Fatigue in Cybersecurity Behavior" (2024). ICIS 2024 Proceedings. 14.
https://aisel.aisnet.org/icis2024/security/security/14
Unraveling the Role of Fatigue in Cybersecurity Behavior
This study empirically investigates the role of information security fatigue (ISF) in cybersecurity protection behaviors of non-IT professionals. Drawing on three theoretical lens—Protection Motivation Theory, Theory of Reasoned Action, and Instrumental View of Organizational Culture, we examine both direct and moderating effects of ISF on cybersecurity behaviors in a multifaceted yet parsimonious model. The study documents that ISF negatively affects cybersecurity behaviors, even with a strong cybersecurity culture. This research contributes to both research and practice. For research, it integrates ISF into the broader discourse on cybersecurity behaviors, highlighting fatigue as a critical variable that warrants further exploration in cybersecurity research. For practice, the study offers insights that in the presence of security fatigue, a strong organizational cybersecurity culture might not contribute to mitigating cybersecurity risks; thus steps may be needed to reduce fatigue and its multifaceted effects.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
06-Security