Combating Breach Fatigue – time for a wake up call!

What crosses your mind when you hear the word fatigue? Does it remind you of the times when you return home tired after an intense workout session, or of tiredness in general? In either case, it signifies the intent to give up the intent to rectify something amiss. To the dismay of most CISOs today, such a thing has crept up the minds of employees for whom cyberattacks, especially data breaches, are just part of everyday life now. This article deals with this phenomenon, technically termed ‘Breach Fatigue‘ and some subtle ways of combating it.

What is breach fatigue all about?

With billions of users getting affected by data breaches over the years, a good fraction of modern employees has lost the zeal to be proactive when it comes to reporting and solving related issues. A lot of suspicious activities are either ignored or lost in the chain. Breach fatigue also involves irresponsible behavior in following security protocols, such as timely updates of passwords, antivirus software and implementing timely patches. As a result, companies have to deal with repeated cases of data breaches, a lot of which involve confidential data, which in turn leads to operational inefficiency and loss of brand equity.

Getting over breach fatigue in modern organizations

There can be no rulebooks that can guide contemporary employees to get over breach fatigue since it is not the exact work they get paid for. Instead, it is the responsibility of all CISOs to develop a culture of general proactiveness through a clear communication framework that involves the following components:

• Timely notifications detailing the events with minimal sugarcoating
• Highlighting the impact of data breaches on the customer
• Encouraging informal communication to ensure speedy reporting and redressal
• Educate stakeholders about identity theft and fraud using easy-to-follow steps
• Involve omnichannel reporting including social media and messenger apps so as to increase the chances of breaches getting reported

Breaches are like diseases, they cannot be stopped from entering our systems, but can be contained only when responded with a sense of alarm. In this regard, the first step towards minimizing data breaches in most companies is to create communication channels that can combat breach fatigue and enable employees to show greater ownership in mitigating organizational cyber risk.