Alert fatigue describes the state where security teams become desensitized due to an excessive number of notifications and start missing genuine threats. The problem primarily affects SIEM systems, EDR solutions, and monitoring platforms with poorly tuned detection rules.
In an ISMS context, ISO 27001 Annex A control A.8.16 (Monitoring Activities) requires monitoring of security-relevant events. Alert fatigue directly undermines this capability. Countermeasures include tuning detection rules, prioritizing by severity, correlating multiple events, and regularly reviewing alert ratios. A useful benchmark: if more than 30% of alerts are false positives, detection performance degrades measurably.
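The review described above (per-rule false-positive ratios against the 30% benchmark, correlation of related events, and prioritization by severity) can be run as a small script over the SIEM's closed-alert export. The following is an added example, not code from the original text; the triage log, the rule names, the severity table and the five-minute correlation window are all constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed triage log: one record per alert with the analyst's disposition.
# "tp" = true positive, "fp" = false positive, "open" = not yet triaged
# (open alerts are excluded from the ratio so they cannot skew it either way).
TRIAGE_LOG = [
    {"id": 1,  "rule": "brute_force_ssh",    "host": "web01", "ts": "2024-05-01T08:00:05Z", "verdict": "fp"},
    {"id": 2,  "rule": "brute_force_ssh",    "host": "web01", "ts": "2024-05-01T08:01:10Z", "verdict": "fp"},
    {"id": 3,  "rule": "brute_force_ssh",    "host": "web02", "ts": "2024-05-01T08:03:00Z", "verdict": "fp"},
    {"id": 4,  "rule": "brute_force_ssh",    "host": "web01", "ts": "2024-05-01T09:30:00Z", "verdict": "tp"},
    {"id": 5,  "rule": "brute_force_ssh",    "host": "db01",  "ts": "2024-05-01T10:00:00Z", "verdict": "fp"},
    {"id": 6,  "rule": "encoded_powershell", "host": "ws17",  "ts": "2024-05-01T09:31:00Z", "verdict": "tp"},
    {"id": 7,  "rule": "encoded_powershell", "host": "ws17",  "ts": "2024-05-01T09:32:30Z", "verdict": "tp"},
    {"id": 8,  "rule": "encoded_powershell", "host": "ws22",  "ts": "2024-05-01T11:00:00Z", "verdict": "fp"},
    {"id": 9,  "rule": "encoded_powershell", "host": "ws05",  "ts": "2024-05-01T12:00:00Z", "verdict": "tp"},
    {"id": 10, "rule": "new_local_admin",    "host": "ws17",  "ts": "2024-05-01T09:33:00Z", "verdict": "tp"},
    {"id": 11, "rule": "new_local_admin",    "host": "srv03", "ts": "2024-05-01T14:00:00Z", "verdict": "open"},
]

# Assumed severity per rule (higher = more urgent); unknown rules default to 1.
RULE_SEVERITY = {"brute_force_ssh": 2, "encoded_powershell": 3, "new_local_admin": 4}

FP_THRESHOLD = 0.30  # the benchmark from the text


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def false_positive_rates(log):
    """Return {rule: fp_ratio} computed over triaged alerts only."""
    counts = defaultdict(lambda: {"fp": 0, "triaged": 0})
    for alert in log:
        if alert["verdict"] == "open":
            continue
        counts[alert["rule"]]["triaged"] += 1
        if alert["verdict"] == "fp":
            counts[alert["rule"]]["fp"] += 1
    return {rule: c["fp"] / c["triaged"] for rule, c in counts.items()}


def overall_fp_rate(log):
    """Share of false positives across all triaged alerts."""
    triaged = [a for a in log if a["verdict"] != "open"]
    return sum(a["verdict"] == "fp" for a in triaged) / len(triaged)


def rules_to_tune(log, threshold=FP_THRESHOLD):
    """Rules whose false-positive share exceeds the threshold (tuning candidates)."""
    return sorted(r for r, rate in false_positive_rates(log).items() if rate > threshold)


def correlate_by_host(log, window=timedelta(minutes=5)):
    """Merge alerts on the same host that fire within `window` of the previous
    one into a single incident, so analysts see one item instead of a burst."""
    by_host = defaultdict(list)
    for alert in sorted(log, key=lambda a: parse_ts(a["ts"])):
        by_host[alert["host"]].append(alert)
    incidents = []
    for host, alerts in by_host.items():
        current = [alerts[0]]
        for alert in alerts[1:]:
            if parse_ts(alert["ts"]) - parse_ts(current[-1]["ts"]) <= window:
                current.append(alert)
            else:
                incidents.append({"host": host, "alerts": current})
                current = [alert]
        incidents.append({"host": host, "alerts": current})
    return incidents


def prioritize(incidents):
    """Order incidents by highest rule severity, then by how many distinct
    rules fired (several rules on one host outrank a single noisy rule)."""
    ranked = []
    for inc in incidents:
        rules = {a["rule"] for a in inc["alerts"]}
        ranked.append({
            "host": inc["host"],
            "alert_ids": [a["id"] for a in inc["alerts"]],
            "max_severity": max(RULE_SEVERITY.get(r, 1) for r in rules),
            "rules": sorted(rules),
        })
    return sorted(ranked, key=lambda i: (i["max_severity"], len(i["rules"])), reverse=True)


if __name__ == "__main__":
    print("overall FP rate:", round(overall_fp_rate(TRIAGE_LOG), 2))
    for rule, rate in sorted(false_positive_rates(TRIAGE_LOG).items()):
        print(f"  {rule:<20} FP share {rate:.0%}")
    print("rules to tune:", rules_to_tune(TRIAGE_LOG))
    queue = prioritize(correlate_by_host(TRIAGE_LOG))
    print(f"{len(TRIAGE_LOG)} alerts -> {len(queue)} incidents; top of queue:", queue[0])
```

On this constructed log the overall false-positive share is 50%, with `brute_force_ssh` alone at 80% and therefore the only rule flagged for tuning; correlation collapses 11 alerts into 8 incidents, and the host where an encoded PowerShell alert and a new local admin coincided rises to the top of the queue ahead of the brute-force noise. Computing the ratio per rule rather than only in aggregate is what turns the 30% benchmark into an actionable tuning list.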