A UAlbany-led research team found that repeated exposure to security requirements can lead to “security fatigue,” a state in which employees become mentally exhausted and disengaged from security practices. (Photo by Patrick Dodson)
By Michael Parker
ALBANY, N.Y. (March 18, 2026) — From password resets and software updates to phishing alerts and cybersecurity trainings, today’s workplace is filled with constant reminders about digital security. But new research led by the University at Albany’s Massry School of Business suggests those well-intentioned safeguards may be having an unintended effect.
A recent study, “Security Fatigue: Manifestation of Emotional Exhaustion and Cynicism by Depletion of Self-Regulation Capacity,” published in the European Journal of Information Systems, examines how growing cybersecurity demands are impacting employee behavior. The research finds that repeated exposure to security requirements can lead to “security fatigue,” a state in which employees become mentally exhausted and disengaged from security practices.
“Security requirements are designed to protect organizations, but they also create additional demands on employees that build over time,” said Sanjay Goel, Morris Massry Endowed Professor and chair of Information Security and Digital Forensics. “When those demands outpace an individual’s capacity to manage them, it becomes harder to maintain consistent security behavior.”
Goel conducted the research with co-authors Akanksha Malik of the Guildhall School of Business and Law at London Metropolitan University (UK) and Shuchi Sinha of the Indian Institute of Technology Delhi (India).
The human side of cybersecurity
While cybersecurity is often framed as a technical challenge, the study highlights the growing strain placed on employees who must carry out security practices in real time.
Morris Massry Endowed Professor and Chair, Information Security and Digital Forensics Sanjay Goel speaks to students in the UAlbany AI for Business Lab. (Photo by Patrick Dodson)
Employees are routinely expected to manage a range of security-related tasks, from maintaining complex passwords to identifying phishing attempts and adapting to frequently updated policies. While each task is manageable on its own, the cumulative effect can create a sustained cognitive burden that interferes with employees’ primary responsibilities.