The Science Behind Alert Fatigue in Security Teams: How to Beat It

Insights from the webinar featuring professor of neuroscience Moshe Bar and security practitioner and thought leader Matt Johansen on combating one of the biggest challenges facing security teams today

In cybersecurity today, teams face overwhelming alert volumes. The OX 2025 Application Security Benchmark reports the average organization receives over 500,000 alerts, with 95-98% being non-critical or false positives. This creates “cognitive load” or “alert fatigue,” undermining security effectiveness and threatening both team well-being and organizational security.

A webinar hosted by Boaz “Batman” Barzel, Field CTO at OX Security, brought together Matt Johansen (Vulnerable U), an experienced security practitioner, and Professor Moshe Bar, a leading neuroscientist formerly at Harvard Medical School and currently at Bar-Ilan University who specializes in cognitive processing and information load.

Understanding Alert Fatigue and Its Neurological Backdrop

Security professionals face “alert fatigue” when constantly evaluating notifications. As Johansen notes, “You’re clicking ‘No, this is okay’ 99 times out of a hundred,” while needing to remain vigilant for the critical 1%. This combines with actual fatigue from incident response that can keep teams working until 2 a.m.

Prof. Bar explains that alert fatigue involves cognitive load and decision fatigue, which fundamentally changes thinking patterns. “If you use resources for one thing, you have less for others. We become less creative, less exploratory. We exploit familiar templates and resort to easier solutions.”

Repetitive alert monitoring causes metabolic waste to accumulate in neurons without sufficient clearing time. Constant stress can deplete essential neurotransmitters like dopamine and serotonin. “When we do this over and over, we’re depleting this reward,” explains Bar, potentially contributing to depression and anxiety beyond the workplace.

Key Signs of Alert Fatigue

Be on the lookout for these red flags in your team:

  • Missing important alerts: When overwhelmed analysts start missing critical signals among the noise
  • General burnout symptoms: Decreased enthusiasm, engagement, and creativity
  • Declining performance: Security professionals begin making different decisions than they would when rested
  • Interpersonal indicators: Increased irritability, reduced patience with colleagues
  • Physical fatigue: Especially following incident response activities that disrupt normal sleep patterns

Strategies for Mitigating Alert Fatigue

1. Prioritize Rest and Sleep

Prof. Bar emphasized that sleep is particularly crucial for brain recovery: “The removal of the metabolic waste is most efficient during sleep, not only rest, and not only breaks, but actual sleep.” Encouraging proper sleep hygiene among team members can have substantial benefits.

2. Task Diversity and Switching

Both experts highlighted the importance of varying work tasks throughout the day. This approach not only reduces fatigue but can boost creativity and problem-solving abilities.

3. Mandated Recovery Time

Johansen emphasized the importance of mandated recovery following intense incident response: “You had three days of firefighting this week? Cool. You’re taking three forced days off next week.”

This approach recognizes that high-performing team members often won’t voluntarily take time off, making it leadership’s responsibility to enforce recovery periods.

4. Consider Nutrition

Prof. Bar pointed out that nutrition plays a significant role in cognitive function, particularly in tasks that require sustained attention. Foods that provide slow-release glucose, omega-3 fatty acids, and antioxidants can help support brain function during demanding periods.

5. Prevent “Superhero Culture”

Johansen cautioned against relying too heavily on a few star performers: “If every incident that ever happens, you call that one person, no one else is ever going to learn and you’re going to burn people out.”

Distributing alert monitoring responsibilities across the team builds redundancy and prevents individual burnout.

6. Revisit Company Culture

There is much to do at the organizational level to help combat alert fatigue, from encouraging staff to take walking 1-on-1s, to installing sleeping pods, to embracing the defense-in-depth concept so that one missed alert will not have such catastrophic effects. Creating a culture that prioritizes both security and team well-being ensures sustainable vigilance over the long term.

Conclusion: Humans Secure Systems

Alert fatigue represents a significant challenge for security teams, with impacts that extend beyond productivity to affect individual well-being and organizational security. By understanding the neurological basis for fatigue and implementing strategies that account for human cognitive limitations, organizations can create more sustainable security operations.

An approach that recognizes both the technical and human aspects of security monitoring will ultimately produce stronger security outcomes and healthier teams.
