The science behind alert fatigue: How to turn down the noise so you can hear the signal

Alert fatigue is attributed to habituation, but it can be combatted

You've likely experienced alert fatigue at some point in your life. You feel exasperated as your phone pings for what seems like the hundredth time in a day, or your eyes glaze over as a glut of new analytics data rolls in. You feel resigned to the fact that an influx of email could very well go on forever.

This acclimatization that comes with being overwhelmed by a variety of signals, both relevant and irrelevant, isn't a big deal on the personal side of things. But it can have major consequences in the world of business intelligence, where missing even one important alert can be costly.

Just look at Target's 2013 data breach. Its security team had actually received alerts about malware on the network from a threat-detection tool. However, the team chose to ignore the alerts because they were so common. You know the rest of the story -- Target is still paying customers who were victims of the breach.

Luckily, this insidious problem for enterprise has some fairly straightforward solutions -- thanks to what we already know about human psychology and the science behind alert fatigue.

The psychology behind alert fatigue

On its most basic level, alert fatigue can be attributed to habituation -- a psychological process that's meant to help reduce stress by eliminating your awareness of unpleasant and potentially stress-inducing signals that continue unabated and seem to have no connection to real-world consequences.

A car alarm, for instance, often fades into the background if it goes on for a long period of time. Your body starts to understand that this unpleasant noise doesn't impact you, so you tune it out. You don't stop hearing it; you just stop paying attention to it.

This would be all well and good if habituation weren't such a blunt instrument. Hospitals, for instance, have been battling their own version of alert fatigue for years. Doctors and nurses become so accustomed to the flood of irrelevant beeping sounds and alarms that even ones that are relevant are often ignored, both consciously and unconsciously. In other words, the more signals someone receives, the more likely he or she will be to ignore them -- regardless of relevance.

Fortunately, this alert fatigue is easy to combat. Hospitals found that by reducing the number of auditory alarms, they were able to nearly eliminate the problem. It wasn't a matter of adding technology or changing the way employees were alerted; it was simply a matter of sorting out which alarms were important and which were just noise.

This thinking directly applies to the world of enterprise -- you shouldn't have to sift through an increasingly large haystack of signals to find the few needles. You should just be given the needles from the start.

How to fight alert fatigue

Remember the controversy over "the color of the dress" that recently circulated on social media? Turns out that the color you see isn't about the light coming into your eyes. Rather, the context around the dress constructs your color experience.

Similarly, alert fatigue is more about the context and the experience: How many alerts do you review and in what fashion, and are those alerts actionable or relevant? If you're used to acting on alerts because they're relevant, specific, and have the correct context, you'll be less susceptible to alert fatigue.

But if your morning consists of sifting through multiple analytics dashboards and email alerts telling you about every single change that happened in a BI chart, then you're more susceptible to alert fatigue. The best way to start reducing this potential for fatigue is to do an audit of your own behavior and ask colleagues and employees to do the same.

Monitor when and why you send and receive emails and any other notifications -- from calendar alerts to social media alerts to network security alerts and so on. If you're being alerted (or alerting others), make note of it. Spend at least three days doing this. Once you and your colleagues have a good sample, you can begin to dissect these alerts and discover which are relevant.

Focus on results when looking at these alerts. Are they helping you improve the bottom line? Are they giving you data you can use immediately, or are they just flooding you with information you have to analyze? Are you getting alerts that are relevant to other departments but not you? Answering these questions can help you gain a better understanding of which alerts are relevant. Once you know that, you can start to turn off some of them.

Create email filters so that only urgent email shows up (e.g., sudden changes in meeting times and messages from important people in your work community). Turn off alerts for social media likes, but keep alerts for follow-up comments on important projects or time-sensitive issues. Only send alerts for metrics that are showing irregular behavior (e.g., if server latency is especially high or sales are especially low), and get rid of alarms for events that are within normal ranges.

Alert fatigue can creep up on you. As alerts start to pile up and become decreasingly relevant, it can be easy to surrender to the glut of information and succumb to fatigue without even realizing it. But by implementing filters that only send employees alerts that are results-based -- instead of information-based -- you can reset alert fatigue back to zero. And with regular audits of the signals that are coming in, you can keep it that way.

Moscovicifounded Metric Insights in 2010 to transform the way business intelligence is performed so organizations of any size can quickly and easily deploy powerful analytics. Marius has over 20 years of experience in analytics and data warehousing and was previously the co-founder and CEO of Integral Results, a leading business intelligence consulting company that was acquired by Idea Integration.

Join the CSO newsletter!

Error: Please check your email address.

Tags Targetsecurity

More about Idea IntegrationIntegral

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Marius Moscovici, founder and CEO, Metric Insights

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place