Many industry insiders see security from a data-driven perspective—there is risk probability, which is lowered by the effectiveness of an array of countermeasures. However, most risk models are not holistic, because they don’t address the important psychological and sociological factors at play. The human element is perhaps the most difficult to address in the security realm, yet the one that can make or break our efforts.

Acknowledging the existence of security fatigue-driven behaviors and mindsets is part of the solution, but there are tangible steps we can take in our work to meet them head on and mitigate.