A new study from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives.
The study, published this week in IEEE’s IT Professional, draws on data from a qualitative study on computer users’ perception and beliefs about cybersecurity and online privacy. The subjects ranged in age from their 20s to their 60s, hailed from urban, suburban and rural areas, and held a variety of jobs.
The multidisciplinary team learned that the majority of their average computer users felt overwhelmed and bombarded, and they got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.
Comments among those who expressed feelings of security fatigue included:
- “I get tired of remembering my username and passwords.”
- “I never remember the PIN numbers, there are too many things for me to remember. It is frustrating to have to remember this useless information.
- “It also bothers me when I have to go through more additional security measures to access my things, or get locked out of my own account because I forgot as I accidentally typed in my password incorrectly.”
Participants also wonder why they would be targeted in a cyberattack. The data showed that many interviewees did not feel important enough for anyone to want to take their information, nor did they know anyone who had ever been hacked.
Commenters also expressed the sentiment that safeguarding data is someone else’s responsibility, leaving computer security up to their bank, online store or someone with more experience.
Read the Complete Report (via NIST)