The Problem with Data Breach Fatigue



Data breach fatigue is a vicious and self-perpetuating cycle. Data breaches – unintentional leaks of sensitive information – have become so common that people are becoming numb to them and growing complacent about cybersecurity. This complacency then puts them at greater risk of incidents. Meanwhile, data breach litigation is on the rise.

The statistics are alarming. In 2021, around 85% of businesses experienced a data breach of some kind, and 40% experienced six or more. Data breaches also exposed approximately 15 million data records worldwide in the third quarter of 2022 alone.

Data Breach Fatigue Reasons

There are unending threats and threat alerts to take note of, but when data breach fatigue kicks in, overall vigilance doesn’t keep up. Cybersecurity practices have become slack, even when comparing pre- to post-pandemic levels. 58% of organizations report more cases of employees ignoring cybersecurity guidelines, along with accidental and improper employee data sharing, since the pandemic.

Those figures track with decade-old trends. A high volume of data breaches or alarms saturates the mind with pessimistic news, which contributes to lowered confidence and less motivation to act. Research into the impact of data breaches found that people respond with acceptance, apathy, and lowered engagement. Many don’t even change their passwords after being notified of a data leak.

That’s bad news. Lowered vigilance inevitably leads to more data breaches and slower detection times. Low employee security awareness is one of the two biggest cybersecurity threats. According to the World Economic Forum, more than 95% of cyber incidents are linked to human error. Plus, apathetic professionals or consumers are slow to detect, report, and contain data breaches. Throughout 2022, it took organizations an average of 277 days to detect and contain a data breach, according to IBM’s Cost of a Data Breach 2022 Report.

Data breach fatigue represents a critical security and organizational threat. Businesses that want to protect their data and maintain cybersecurity must account for this phenomenon.

Make Communication a Top Priority

Communicate, communicate, communicate, and maintain a high degree of cybersecurity awareness. Discussing cybersecurity guidelines, threat activity, and potential data breaches typically feels repetitive. But that’s exactly what needs to happen.

Clear communication is effective at preventing and mitigating cybersecurity incidents. It also builds habits and prevents data breach fatigue. Ensure that everyone within the organization is up to date and informed. Use language that’s factual and to the point, without relying on technical jargon.

Many people are inured to information leaks and cyber scams. Some completely ignore what’s happening, feeling powerless or ineffective. Others are uncertain of their responsibilities or authority in dealing with a situation. Others are unfamiliar with the resources and don’t know exactly where to turn.

Maintain ongoing dialogue on security protocols, responsibilities, and resources. This includes reminding people of basic steps, such as changing passwords and checking credit scores. It can also be helpful to give customers a step-by-step list of ways in which they can secure themselves and protect their information from fraud.

Don’t Ignore the Threat

Data breaches are damaging enough to impact core business outcomes. One would expect incidents to be taken seriously at all times. And yet, businesses tend to ignore them, especially when experiencing data breach fatigue.

Gaming giant Electronic Arts (EA) ignored multiple warnings from cybersecurity researchers about critical vulnerabilities. Hackers made their way in not long after. Target, a global retailer, ignored alerts about a breach that it could potentially have stopped. Nortel Networks was hacked for years while management failed to respond appropriately. Panera Bread ended up leaking 37 million customer records after ignoring a known security vulnerability for eight months.

Not all companies would ignore an active hack. However, data breach fatigue commonly leads to ignoring ongoing cybersecurity threats, alerts, and alarms. That’s dangerous.

An ignored threat can escalate or re-emerge later on. Insufficient threat response always increases the chances of a successful breach and the potential for criminals to do damage. Organizations that fail to respond appropriately pay heavy costs.

IBM puts the average cost of a data breach at $4.35 million worldwide and $9.44 million in the United States. Those costs include productivity losses, cost of response and recovery, reputational damage, and fines and judgments.

Consumers are aware of their legal privacy rights and are beginning to go after businesses that have leaked records or compromised their privacy. Data breach litigation is one of the hottest legal trends. Healthcare provider Banner Health was recently ordered to pay $6,000,000 to victims of a 2016 breach.

Financial and reputational damages can make or break a business. Don’t be negligent with internal, customer, or public data.

Close the Awareness and Skill Gap

Here are the two biggest issues contributing to data breach fatigue and, thus, poor cybersecurity: poor employee security awareness and insufficient cyber skills. The CyberEdge Group’s 2022 report specifically noted these as top recurring factors.

There are over 4 million unfilled cyber jobs, leaving many organizations struggling to attract and hire talent. Cybersecurity training took a dip during the pandemic, leaving the workforce sorely uninformed as even more threats emerged.

Did you know that over 50% of employees don’t believe they can compromise their phones by clicking a suspicious link? And 50% believe they should respond to a suspected social engineering email in order to confirm their suspicions!

The situation is dire, but fortunately, it’s fairly easy to mitigate both. Organizations can close the internal cybersecurity knowledge gap with training and advanced assessments to determine current needs. There is high competition for talent, but skilled professionals can be retained with specialized placement services or by retaining ongoing consultants.

Safeguarding Against Data Breach Fatigue

Cyberattacks and data breaches are so common that we’re beginning to grow numb to them, hence “data breach fatigue” has become a term. Disregarding basic security steps as threats increase doesn’t make sense. But that’s just human nature and data breach fatigue in a nutshell.

Never take internal breach fatigue, threat alerts, or incidents lightly. Even minor incidents can lead to sensitive information winding up on the dark web and available to criminals. And the consequences include financial losses, reputational damage, operational disruption, and legal action.

This level of diligence can be difficult for organizations to sustain. Sometimes you need outside help.

ThriveDX helps enterprises fight data breach fatigue with a suite of cybersecurity solutions that protect against the human factor to create end-to-end enterprise protection. Those include employee training, threat detection, and cyber personnel recruitment services.

Please contact us to learn more, or book a personal demo.
