Security_Fatigue.jpgIt’s no shocking scientific revelation that being tired impairs our ability to function. Take driving, for example. Going behind the wheel while tired is equally dangerous to driving under the influence of alcohol.

Studies show that being awake for 24 hours straight is the equivalent to having a BAC of roughly .10%. Mythbusters also conducted an experiment and confirmed this inextricable truth: that “driving tired equals driving impaired.”


Now take this analogy and shift it into the security environment of our everyday lives. If you’re always expected to be on edge about security, you’ll eventually become desensitized.

This is the new-age fear we’re experiencing that is security fatigue. It’s easy to see why you’d want to avoid this like the plague.

Security Fatigue: Cause for Alarm

Security fatigue is described as “a weariness or reluctance to deal with computer security.” Take this scenario, for instance, which is based on real events:

Brian’s going out of town with a group of friends; the hotel room’s under Alyssa’s name, and Brian wants to pay her for the cost, but he doesn’t have cash. They’re leaving on Friday, and it’s currently Wednesday. Brian tries to use a bank transfer, but upon logging in through the app, he needs to put all his banking information (including routing number and phone number).

“I’m already logged into my account, why do I have to input all this information again?” he asks. Alyssa, in order to accept the money, also has to insert multiple fields of information. Both rush through the steps – tired and bothered the entire time, and not alert to security risks in the process.

This example applies to a variety of different situations – it includes you, person who gets tired of generating a new unique password every 90 days.

It also includes you – person with a bothersome feeling from having to create an account to check out on a website.

Sound familiar? It should. A National Institute of Standards and Technology (NIST) study found that majority of computer users interviewed experienced this in some capacity. This, in turn, led to risky behavior both at work and home.

What to do About it

It’s clear this fatigue affects our security decisions. But now that we’re aware of this as an issue, what do we do about it – as CSOs, CISOs, and other c-suite executives?

Security is no longer just one person’s job; it hasn’t been for a while now. As a collective, we need to:

  • Shift how we think about security so it isn’t seen as an obstacle to completing tasks
  • Educate staff on our business’s unique operating environment (and tailor it to each department)
  • Utilize single sign-on (SSO) to prevent remembering endless logins and passwords
  • Consider a password management solution so you’re able to encrypt and create long passwords

We can take actionable steps to mitigate the effects of security fatigue.

If you’re interested in learning more, feel free to subscribe to our blog if you haven’t already or check out our IAM Program data sheet!

IAM Program Data Sheet



At Identropy, we combine expertise with empathy to help clients plan, build and run identity and access management solutions that enable their business. Since 2006, we have evolved with the industry and positioned ourselves to become a leading firm providing innovative consulting services within Identity & Access Management and Access Governance.