Co-Founder Peter Norman Featured in Panel on Cyber Alert Fatigue
/"Alert fatigue" is the cyber equivalent of crying wolf. It's a major problem in cybersecurity and a big reason we designed ReplyToSome as a more effective alternative to annoying pop-up warnings. ReplyToSome co-founder Peter Norman recently participated in a panel discussion on how to avoid alert fatigue for Digital Guardian. Read Peter's comments below:
In trying to understand alert fatigue we reviewed research conducted by scholars who study human error, such as Don Norman and James Reason. Their research highlights the importance of what they call capture errors – cases where you are performing a relatively new activity that involves a sequence of steps very similar to that of a more common activity. Typically, the beginning of the sequences will be similar but the final steps will diverge. For example, the sequence of a deck of cards goes ... 6, 7, 8, 9, 10, Jack, Queen, King, Ace. But if you are not a frequent card player and are asked to list cards from memory while occupied with another task, you might count them out loud as 6, 7, 8, 9, 10, 11, 12, 13, 14.
Capture errors are closely related to alert fatigue. Often alerts will come at the end of a process. Take, for example, the normal sequence of actions for sending an email. First, you read a message, then press reply, then draft your response, then review it, and finally press send. Suppose you have a program that gives a warning after you press send, asking if you're sure you want to include an outside party. If you frequently intend to email outside parties and usually just disregard and click through the warning (i.e., because you intended to send the message to the outside party), then you are at risk of a capture error due to alert fatigue. Disregarding the warning becomes the most common activity and you are likely to respond to it by clicking through, even in cases where the warning is relevant.
Good designers can fight capture errors and thus many of the problems caused by alert fatigue in a few ways. First, they shorten the number of steps in a sequence – people are actually often more likely to pay attention to warnings on one click activities. Second, they provide immediate feedback on risks, not waiting until the end of a sequence. For example, if a user is completing a form, show errors as the user types rather than asking the user to confirm information after completing the entire form. Third, they reduce the number of false positives. This is often easier said than done, but targeted, infrequent warnings are much more likely to be effective.