5 Ways To Combat Cybersecurity Fatigue

Cybersecurity is a growing concern for businesses of all sizes. Hacks and data breaches are becoming more common and more complex. While no business is expected to be invincible against cyber attack, they are expected to be fully prepared and to take all practicable steps to prevent breaches from happening.

The Office of the Australian Information Commissioner reported a total of 245 data breaches affecting personal information between July and September 2018. It also reported that human error was a contributor in 37% of these cases⁠—making people one of the most significant risk factors to any business’s digital security.

What is cybersecurity fatigue?

Cybersecurity fatigue refers to a decreasing awareness or interest in cybersecurity and a correlating increase in risky behaviour. It frequently occurs when people feel overloaded by too much information, fail to see the potential consequences of not maintaining good security, and begin to switch off. One of the most common examples of cybersecurity fatigue is people using the same password across multiple sites or portals.

Data breaches can result in huge financial and reputational damage for businesses, so it’s imperative that your digital defences are as strong as possible. With that in mind, here are a few strategies to minimise cybersecurity fatigue in your business.


Education and empowerment is the single most important aspect in reducing cybersecurity fatigue. Employees must be educated on the business’s cybersecurity controls and empowered to speak up if they feel that these are lacking, or suspect anything untoward. Frequently sharing updated knowledge, not only about the organisation’s general processes, but also the specific types of data the business holds and any additional protocols that may apply, will establish a broader sense of responsibility amongst all employees.

Run Drills

People must be continuously trained through exercises like phishing tests and incident response drills. Phishing tests are a great way to gamify your cyber defences⁠—spotting the test phishing emails will prime employees for when the real thing happens and encourage them to report it, rather than just delete the email. Similarly, educating employees on the different types of breaches and then running breach scenarios (enacting the breach response process in real-time) is a great way to tighten defence and keep employees engaged.

Recruit a hacker

A particularly eye-opening way to highlight vulnerabilities in an organisation’s cyber defences is to hire a ‘white hat’ hacker. White hat hackers are paid by companies to try to break into their systems⁠—though they stop short of actually stealing data. White hat hackers use various tactics from standard phishing to social engineering or employee impersonation to gain access⁠—anything a malicious hacker would do. Through this, employees can see exactly how weak security can lead to easy access⁠—and just what is at stake!

Know your obligations

Different types of data have different obligations attached to them. Similarly, different pieces of legislation (such as Australia’s Notifiable Data Breach scheme) require certain actions of businesses in the event of a breach. Having thorough knowledge of relevant obligations helps employees to quickly cut through the noise and discern what is or is not relevant to them in the busy cybersecurity landscape. This allows for a more efficient, organised approach to cybersecurity across the business as a whole.

Streamline your systems

Many businesses have data housed across multiple systems and platforms, with many people in charge⁠—making it difficult to keep track of exactly what’s going on. Undertaking an audit of these systems and processes allows a business to corral its data. This can help with identifying any unnecessary duplications, systemic weaknesses, or employees who have access that don’t actually require it. Regular audits of this kind should be part of any organisation’s security hygiene and help to ensure that cybersecurity responsibility is allocated only where it needs to be.

As businesses become more digital-dependent, the threat of data breaches or other malicious hacks will continue to grow. Thus, it is imperative that all employees are aware of what it takes to protect the business and maintain those practices at all times. By using the techniques above, organisations can combat cybersecurity fatigue and minimise the damage from potential incidents in the future.

For more information on cybersecurity, types of data, data breaches and data obligations, sign up to LexisNexis Practical Guidance: Cybersecurity, Data Protection and Privacy.

From simple search to analysis and insight, the powerful intelligence of Lexis Advance sits at the heart of many of LexisNexis legal solutions. Access exactly what you need with a single subscription.

Contact our Experts Now

Contact Us