Loading...

Media is loading
 

Paper Number

3037

Paper Type

Complete

Abstract

This study empirically investigates the role of information security fatigue (ISF) in cybersecurity protection behaviors of non-IT professionals. Drawing on three theoretical lens—Protection Motivation Theory, Theory of Reasoned Action, and Instrumental View of Organizational Culture, we examine both direct and moderating effects of ISF on cybersecurity behaviors in a multifaceted yet parsimonious model. The study documents that ISF negatively affects cybersecurity behaviors, even with a strong cybersecurity culture. This research contributes to both research and practice. For research, it integrates ISF into the broader discourse on cybersecurity behaviors, highlighting fatigue as a critical variable that warrants further exploration in cybersecurity research. For practice, the study offers insights that in the presence of security fatigue, a strong organizational cybersecurity culture might not contribute to mitigating cybersecurity risks; thus steps may be needed to reduce fatigue and its multifaceted effects.

Comments

06-Security

Share

COinS
 
Dec 15th, 12:00 AM

Unraveling the Role of Fatigue in Cybersecurity Behavior

This study empirically investigates the role of information security fatigue (ISF) in cybersecurity protection behaviors of non-IT professionals. Drawing on three theoretical lens—Protection Motivation Theory, Theory of Reasoned Action, and Instrumental View of Organizational Culture, we examine both direct and moderating effects of ISF on cybersecurity behaviors in a multifaceted yet parsimonious model. The study documents that ISF negatively affects cybersecurity behaviors, even with a strong cybersecurity culture. This research contributes to both research and practice. For research, it integrates ISF into the broader discourse on cybersecurity behaviors, highlighting fatigue as a critical variable that warrants further exploration in cybersecurity research. For practice, the study offers insights that in the presence of security fatigue, a strong organizational cybersecurity culture might not contribute to mitigating cybersecurity risks; thus steps may be needed to reduce fatigue and its multifaceted effects.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.