The economics of user effort in information security

A significant number of security breaches result from employees' failures to comply with security policies. The cause is often an honest mistake, such as when an employee enters their password in a phishing website, believing it to be a legitimate one. 1 It can also be a workaround when faced with an impossible task, such as when an employee has so many different passwords that they must be written down. 2