Insights

Exploring IT security alarm fatigue

Chris Good

Date:

March 2025

Download Paper

key fact

 A significant percentage of IT security breaches are caused by human error - various studies estimate this figure to be 80-90%.

A significant percentage of IT security breaches are caused by human error – various studies estimate this figure to be 80-90%.

Here’s a breakdown of how human error plays a role:

  • Phishing & Social Engineering Attacks – 74% of breaches involve a human element (Verizon 2023 Data Breach Investigations Report).
  • Weak or Compromised Passwords – Around 81% of hacking-related breaches stem from poor password practices.
  • Misconfigurations & Poor Security Practices – Issues like misconfigured cloud storage, poor access control, and outdated software create vulnerabilities.
  • Insider Threats – Whether intentional or accidental, employees can expose organisations to cyber risks.

Given these risks, organisations are continuously implementing measures to reduce the probability of human errors. Common approaches include:

Regular security awareness training

Multi-factor authentication (MFA)

Strong password policies and password managers

Automated security checks and alerts

The risk of following the crowd

However, every security measure should be justified with a clear business case, not only for its initial implementation but also for its ongoing effectiveness. Organisations must consider the costs, benefits, implications, and confidence in delivery rather than blindly adopting security controls because “everyone else does.”

A prime example? Email warning banners on external messages.

Benefits of email warning banners:

  • A clear visual cue reminding recipients to be cautious.
  • May be a requirement for security insurance compliance.

The downsides of overuse:

Alarm Fatigue & Desensitisation – imagine a physical package being delivered to your door multiple times each day. Each time, the delivery person shouts “THERE MAY BE SOMETHING DANGEROUS IN THERE! BE CAREFUL!”. You may listen for the first few days, but afterwards you’ll likely ignore. It’s similar in the medical environment, or dashboards in vehicles… too generic and frequent and people can switch off to the real threats.

Cluttered Email Chains– When replying to an external email, the banner persists in the thread, making conversations messy and potentially leaving a negative impression.

Reduced Productivity – If your email preview shows the first line of text, the warning banner replaces valuable context, forcing users to open emails unnecessarily therefore impacting productivity.

A smarter approach

Rather than applying blanket warnings to every external email, consider a more targeted approach:

  • Show warnings only for departments that rarely receive external emails.
  • Trigger warnings only on emails with attachments or links.
  • Identify and flag impersonation attempts using advanced email security tools.
  • What do you think? Have you encountered alarm fatigue with security measures in your workplace?

If you would like to Chris regarding this insight, send your enquiry to contact@masonadvisory.com to discuss further.  

If you want to find out more about our services click here.

Our services

View all

Sourcing

Our deep market knowledge and end-to-end IT sourcing expertise will help you identify and implement intelligent, cost-effective sourcing solutions, with a focus on value for money, supply chain efficiency, optimising ways of working, and delivering your organisation’s goals.

Read more

Service Management

Rooted in established best practice frameworks, and tailored to your specific challenges, our service management expertise and delivery approach will significantly accelerate your journey to an embedded, optimised, and cost-efficient service experience.

Read more

Operating Model & Organisational Design

From strategy to delivery, we help business and technology leaders design and deliver ambitious, yet achievable, operating models to embed digital value, grow revenue, optimise the customer experience, gain competitive advantage, and drive efficiencies across the business.

Read more

Digital

At Mason Advisory, our people make the difference. With decades of combined experience, our consultants help organisations navigate digital change with confidence. Trusted by private and public sector bodies, we focus on aligning your strategy and technology to deliver clear, measurable results. Work with us to make your digital goals a reality.

Read more

Delivery

Our experienced senior consultants will support you and your executive leadership to plan, monitor and assure IT transformation initiatives that align to the business objectives, generate high returns, and successfully deliver on time and on budget.

Read more

Data & AI

Data is the lifeblood of your business and essential to any AI strategy. We’ll support you to maximise its value, transforming insights into growth, and embrace the innovation your customers, members and users expect.

Read more

Cyber

From high street banks to statutory bodies, we are providing clients in every industry with tailored, value for money strategies and practical support to secure their enterprises against today’s risks and tomorrow’s zero-day threats.

Read more

Architecture

Our seasoned consultants support clients, from global brands to high street names, to embed transformative, joined up enterprise architecture that enables outstanding customer service, optimised operations and sustained commercial success in a digitally-led world.

Read more