Risk homeostasis and security fatigue: a case study of data specialists
Information and Computer Security
ISSN: 2056-4961
Article publication date: 9 February 2023
Issue publication date: 26 June 2023
Abstract
Purpose
Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context.
Design/methodology/approach
A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company.
Findings
A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain.
Originality/value
This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.
Keywords
Acknowledgements
This work is based on the research supported wholly/in part by the National Research Foundation of South Africa (Grant Numbers 114838).
Citation
Bhana, A. and Ophoff, J. (2023), "Risk homeostasis and security fatigue: a case study of data specialists", Information and Computer Security, Vol. 31 No. 3, pp. 267-280. https://doi.org/10.1108/ICS-11-2022-0172
Publisher
:Emerald Publishing Limited
Copyright © 2023, Emerald Publishing Limited