Tech addiction: the hidden cybersecurity threat

From childhood screen habits to workplace fatigue, technology is draining focus across every part of modern life. The result is a workforce more vulnerable to mistakes, manipulation and increasingly sophisticated cyberattacks, warns Steve Durbin of the Information Security Forum (ISF)

Lawmakers in Massachusetts are finally confronting what parents and teachers have seen for years: children are overwhelmed by digital distraction. A new proposal would ban mobile phones in the US state’s public schools, bringing it in line with places such as Australia, which has already taken national action, and the UK, where schools can introduce similar rules on their own. The plan reflects a wider truth that many organisations still overlook — our reliance on technology has grown into a dependency that creates risks for individuals and workplaces alike.

As someone who has spent years examining how human behaviour shapes cybersecurity, I have seen our dependence on technology deepen, creating real problems for businesses around the world.

It is no surprise that young people are becoming attached to screens so quickly, given how readily digital devices are placed in their hands from such an early age. One worrying consequence is its effect on sleep. A study in Global Pediatric Health involving 207 children found that using phones, computers, video games or television before bed was linked with shorter and poorer-quality sleep and greater morning fatigue, with phone users losing about an hour of rest each night.

As you would expect, the habits set in childhood continue into adult life. People reach for their phones almost by reflex — first thing in the morning, last thing at night and in the small gaps that once allowed for conversation and personal interaction. You see it in restaurants, where couples sit together while giving most of their attention to a screen instead of each other.

Social platforms play a large part in this. Instagram and Facebook are full of meaningless pictures of meals not tasted and places not visited. Generative AI, meanwhile, has become the latest go-to for those wishing to be seen as artistic, using these tools to create written and visual content of questionable value and accuracy.

And so the technology addiction self-perpetuates.

The implications go beyond personal wellness, reaching into the core of organisational cybersecurity.

Workplace addiction crisis

Technology has become so ubiquitous and such a part of our daily lives that we are largely unaware of how much time and attention it claims. Harvard Business Review found that we toggle between apps and websites about 1,200 times a day. This constant switching takes a toll. It is estimated that we spend almost four hours a week simply resetting our concentration.

This constant switching between devices and tasks is what psychologists call “switching costs”, referring to the depletion of mental resources we need for critical thinking and decision-making.

Dr Shanique Brown, whose research focuses on workplace cognition, explains that these digital distractions interfere with our ability to focus and give proper attention to our work. “If my working memory capacity is low,” she notes, “there’s a greater cost for me to switch back to do the work I was initially doing. The distraction steals some of my mental capacity.”

This cognitive depletion is not just a productivity problem — it is a security crisis waiting to happen.

Cybersecurity ‘scamdemic’ connection

As employees become increasingly mentally fatigued from constant switching between devices, they become less attentive. Their guard drops. They can, consequently, be more subject to cybersecurity threats, which are becoming increasingly more sophisticated and frequent.

During the pandemic, phishing attacks surged 220 percent, leading the National Institutes of Health to refer to it as a “scamdemic”. Cybercriminals have honed their skills to specifically exploit human weaknesses like gullibility, curiosity, impulsivity and simple lack of attention.

An already fatigued and distracted employee who receives an urgent email purportedly from the company CEO requesting an immediate wire transfer is likely to act before thinking objectively about the likelihood and veracity of such a request. That vulnerability drives social engineering scams.

The relationship between tech addiction and security risk operates on multiple levels:

• Constant device usage creates a state of continuous partial attention, making it more likely to ignore anomalies, red flags or indicators of compromise that signal a potential security breach.
• When employees are mentally exhausted from digital overstimulation, they are more likely to take shortcuts such as reusing passwords, clicking without thinking or bypassing security protocols that seem inconvenient.
• Burnout from technology overuse makes employees more likely to respond impulsively to urgent requests — the psychological pressure that attackers exploit.

Beyond technology solutions

Tackling tech addiction requires organisations to think explicitly and strategically about minimising employees’ tech reliance and distractions. This can be done by:

• Establishing periods and spaces where devices are prohibited, allowing employees to reset their cognitive capacity and approach work with renewed focus.
• Limiting work-related emails outside business hours to reduce the pressure to be constantly connected.
• Encouraging reflection on authentic, non-digital experiences to help employees recognise and address their own technology dependencies.

The key is framing these efforts not as rules or restrictions, but as a way to support employee wellbeing and organisational security. When senior leaders visibly disconnect during meetings and interpersonal interactions, they offer explicit permission for employees to do the same. When employees feel trusted and supported rather than monitored and controlled, they are more likely to embrace healthier work habits voluntarily.

The path forward

The Massachusetts school mobile phone ban recognises that digital addiction has become a public health issue that demands proactive intervention. While organisations of all kinds have made significant strides in safeguards such as endpoint threat detection, encryption and access controls, technology alone cannot tackle human vulnerabilities that are exacerbated by tech addiction and burnout.

Organisations that proactively address technology addiction can help employees become more productive and engaged, but also more alert and security aware.

Steve Durbin is Chief Executive of the Information Security Forum (ISF), an independent association that addresses major challenges in information security and risk management for organisations across the Fortune 500 and Forbes 2000. He is a frequent speaker on the board’s role in cybersecurity and technology.

Further information
To find out more, visit securityforum.org

READ MORE: ‘Make boards legally liable for cyber attacks, security chief warns‘. Cyber security is now a boardroom responsibility, with the Information Security Forum calling for directors to face a legal duty to protect their organisations from attack.

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.