Is the responsibilization of the cyber security risk reasonable and judicious?

Renaud, Karen and Flowerday, Stephen and Warkentin, Merrill and Cockshott, Paul and Orgeron, Craig (2018) Is the responsibilization of the cyber security risk reasonable and judicious? Computers and Security, 78. pp. 198-211. ISSN 0167-4048 (https://doi.org/10.1016/j.cose.2018.06.006)

[thumbnail of Renaud-etal-CS2018-Is-responsibilization-cyber-security-risk-reasonable-judicious]
Preview
Text. Filename: Renaud_etal_CS2018_Is_responsibilization_cyber_security_risk_reasonable_judicious.pdf
Accepted Author Manuscript
License: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 logo

Download (812kB)| Preview

Abstract

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk.