Risk and security are always subject to perception, point of view and biases. How do you balance a secure system over a cumbersome user experience?

Risk and security are always subject to perception, point of view and biases. How do you balance a secure system over a cumbersome user experience? What do you consider an asset, over what others and attackers consider an asset? From day one you need to accept that security is an exercise in critical thinking and analysis.minimum of 250 word and references separate page