This paper finds individuals comply with security practices up to a certain point only, after which point compliance wains. Organisations can influence an individual’s perception of where the compliance threshold lies so long as they know of and can manipulate individual decision making processes and the feedback cycles associated with compliance. Further, after acknowledging the existence of a compliance budget, organisations can employ economic reasoning to ensure the compliance budget is used in the areas where compliance matters most.