Abstract

This study examines how information security burnout can develop from complying with organisational security demands, and whether security burnout can be reduced by engaging organisational and personal resources. The Job Demands-Resources model was extended to the IT security context, to develop and empirically test a security burnout model, using a sample of 443 participants in Vietnam. The results demonstrate that security task overload and difficult access to security requirements increased security burnout while dealing with challenging security requirements reduced burnout. Neither organisational resources nor user self-efficacy were effective in reducing burnout. Moreover, simple security tasks did not guarantee a burnout-free experience for users. The findings emphasise the significance of providing resources and designing security tasks as challenging and rewarding experiences, rather than simply reducing user involvement as a source of decreasing cyber security risks. The research establishes a theoretical basis for further studying the phenomenon of security burnout and its role in user security management.

DOI

10.1016/j.jisa.2019.03.012

Publication Date

2019-03-16

Publication Title

Journal of Information Security and Applications

Volume

46

First Page

96

Last Page

107

ISSN

2214-2134

Embargo Period

2020-03-15

Organisational Unit

School of Engineering, Computing and Mathematics

Keywords

Human factors, Security stress, Technology stress, Compliance fatigue, IT competency

Download

Share

COinS