LONG-TERM vigilance fatigue is a concern for anyone who has to deal with serious threats over time. As Jolene Jerard of the International Centre for Political Violence and Terrorism Research in Singapore describes it, “vigilance fatigue is often a result of a sensory overload caused by a constantly heightened sense of threat.”
There are several reasons why vigilance can lag. Complacency is a major culprit. It can be brought on by familiarity with the threat, by going a long time without any incident, or by the sense that other security precautions adopted in response to the threat make vigilance less important.
Last year’s attack at the U.S. Embassy in Benghazi highlighted the threat posed by vigilance fatigue, says Meredith Krause, licensed clinical psychologist with Prosum Psychology PLLC in Stafford, Virginia. Krause, who has worked with the U.S. Defense Department, explains: “You’ve got ambiguous threats. You’ve got ubiquitous threats.... And then there’s the issue of how do we respond to those threats with data or information that may be of questionable quality or [that may be] unverified or poorly verified?”
There’s also the issue of resource allocation. Krause says that in the case of Benghazi, the people in power may have been distracted by other issues going on in the area.
“It’s certainly a great example of how our judgment and decision making can degrade under those conditions that I just described. Because I think the people on the ground [who] were closer to the information were certainly feeling the threat more potently than maybe a counterterrorism analyst at the U.S. State Department or other places where they might be making decisions about safety and security of our overseas posts,” Krause says. However, she adds that even on the ground, complacency can and will set in. She states that she has seen individuals in Afghanistan have such a high threshold due to the constant threat level that they’ll be outside taking cigarette breaks while missile attacks are underway nearby.
Vigilance fatigue is not just a problem that the military and government have to worry about. It’s something that corporate security officers and anyone charged with keeping something safe over a long period of time must be aware of, particularly since security’s return on investment can be difficult to see, says David Owen, director of strategy and major client group for BAE Systems.
Security professionals “almost need to sound like the little red hen saying ‘the sky is falling’…all the time to get the support, the resources that they need to really stay on that optimal edge of vigilance,” according to Owen.
To combat vigilance fatigue, Krause says to start on the individual level. Companies should assess the security professional’s strengths and weaknesses. For example, is he burned out from the demands of the job or from the response from management? Does she have subject matter expertise? The former can contribute to fatigue and the latter can help guard against it.
Initial employee selection is important, as is continued monitoring and training of personnel. “You think of them as NFL athletes. I mean, if they don’t go to training camp, if they’re not working out in the offseason, and if they’re not getting good coaching throughout the season, they’re just not going to perform where we need them to perform,” Krause explains.
The training they undertake must be comprehensive. For example, it should include the use of technology, decision making in the face of uncertainty, and even stress management.
Past the individual level, Krause says to look at an organization’s broader environment. A cultural approach to security and vigilance is an essential component. She says it’s important that there be opportunities for staff to communicate many viewpoints to avoid “group think” and that employees know the consequences of over-vigilance or a lapse in vigilance.
It’s important to “break from existing norms and heuristics or rules of thumb” about what the threat is and how it could play out, according to Krause. She recommends setting up “red teams” that include devil’s advocates whose duty it is to present a challenge and get leadership thinking.
“The onus will be on leadership to create and inspire a security culture that will function at optimum [levels] despite the presence of a possible security fatigue,” says Jerard.
Owen agrees. He notes that “It is critical that an organization’s leadership finds ways of keeping the message fresh. This can be done by using topical examples as incidents arise that attract competitors or adjacent industries, and also by sharing the latest information on threats in a digestible form, such as examples of phishing e-mails or new ways of compromising organizations,” he says. He added that “it is important that the messaging is easily accessible and relevant to the industry the organization operates in.”
Krause and Owen note that while various technologies can be helpful, organizations must also be aware of their limitations. For example, in the IT world, “the threat landscape is rapidly becoming more sophisticated and moving towards targeted attacks. This is leaving some older technology solutions with poor capability to detect threats, or alternatively, they flag thousands of ‘events’ that overwhelm analysts,” Owen says.
Krause also recommends that organizations encourage feedback up and down a chain of command to provide for accountability and continuous improvement.
“Oftentimes, the trench workers—the frontline security personnel—they have a much better sense of the threat terrain. But their upper level management may not be as aware or in tune and, therefore, may not be providing them with the tools, the resources, the personnel they really need to respond to those threats,” states Krause.