LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is "Security Fatigue", and what does it do to protection motivation?

Security fatigue is a state of mental exhaustion from the sheer volume of security demands — not a motivation model, but a condition that makes users ignore warnings and disable features just to get work done.

Too many security decisions lead to Security Fatigue, then ignored warnings and disabled features.

* Security fatigue: an endless stream of security decisions exhausts users, who then ignore warnings and disable features. *

Described by Stanton, Theofanos, Spickard Prettyman & Furman (2016, NIST): users are overwhelmed by the endless stream of security decisions —

  • Install the update? Accept cookies? Change the password? Check this suspicious mail? …

Consequences:

  • Warnings get ignored, security features get deactivated — "um einfach nur arbeiten zu können" (just to be able to work)
  • In PMT terms: fatigue raises the perceived Handlungskosten of every additional security action, thereby lowering Schutzmotivation across the board

Design implications: every security prompt spends a limited attention budget. Reduce decisions (sane defaults, automation), bundle requirements, and reserve interruptions for moments that matter. "Weniger ist mehr" in awareness content is the same principle — ten campaigns a year produce fatigue, not awareness.

Go deeper:

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jul 05, 2026