Examining formation and alleviation of information security fatigue by using job demands–resources theory

Abstract The implementation and reinforcement of information security policies (ISPs) can lead to information security fatigue (hereafter security fatigue), which can drive employees to engage in unwanted behaviours. Thus, managers must reduce the likelihood of security fatigue. Therefore, in the present study, we employed job demands–resources theory and hypothesized that security‐related demands would result in security fatigue. Furthermore, we identified resources that may alleviate such fatigue. The research model was tested with data collected from 386 employees of organisations with ISPs. The findings indicate that job and personal resources can reduce the occurrence of security fatigue and engagement in opportunistic security behaviours by enhancing engagement. In addition, the effect of security fatigue on opportunistic security behaviours can be suppressed through the implementation of behavioural evaluations. Our study contributes to the formulation of methods for relieving security fatigue and ameliorating its negative effects.