Dimension 2: Cybersecurity Culture and Society
Dimension 2 Cybersecurity Culture and Society reviews important elements of a responsible cybersecurity culture such as the understanding of cyber-related risks in society, the level of trust in Internet services, e-government and e-commerce services, and users’ understanding of personal information protection online. Moreover, this Dimension explores the existence of reporting mechanisms functioning as channels for users to report cybercrime. In addition, this Dimension reviews the role of media and social media in shaping cybersecurity values, attitudes and behaviour.
Details Research and Directions
Encouraging Responsible Cybersecurity Culture within Society
Business and industry, governments and civil society are increasingly encouraging consumers and citizens to conduct transactions and participate in civic, social and public affairs online. Networked individuals are also organising activities from the grass roots using the Internet and related digital media.
The success of institutional and citizen-originated initiatives depends on the degree that networked individuals have the trust and confidence that they are adequately protected in cyberspace. They must be aware of risks, know how to use the Internet safely and securely, and have the time and inclination to take the necessary steps to do so.
The GCSCC is conducting research to find out more about the attitudes, beliefs and values of individual Internet users with respect to security and privacy, and what they understand as their cyber responsibilities. This will help determine whether users in general need more support with cybersecurity and identify demographic groups who may require particular assistance in accessing services or reassurance that cyberspace is safe to use with an awareness of risks to themselves and the larger public.
While it is important to realise that some Internet and social media users are not sufficiently aware of a variety of risks, it is important not to underestimate users in keeping them abreast and reminding everyone of the best security practices when conducting transactions online. Ideally, Internet users will develop a cybersecurity mind-set that enables them to place a priority on practices that protect their privacy and security in the course of everyday use.
Most individuals using the Internet expect to trust it as a utility that is safe to use without having to spend much time and effort on security and protecting their personal privacy. Most other utilities do not require as much user input, as safe practices are built into the infrastructure and taught from an early age. As cyber service providers are far from a point at which computing services can be provided as such a utility, users can be left vulnerable to avoidable cyber-attacks unless adequate measures are taken to protect them, through the efforts of themselves or others.
It is likely that the answer lies partly in making people more aware of online threats to their privacy and security and skilled in ways to protect themselves. Over-stating risks could be counterproductive as it could create a culture of fear around cyber space. In fact, experience online is one of the best means of building skills in security and an awareness of cyber risks. Fear and a lack of experience could lead particular groups of people to be less likely to use the Internet, cutting them off from benefits such as better access to education and a wide range of services. Understanding what consumers and households think of cyberspace is the first step in helping them adopt safer practices and best use the Internet and related digital media in ways that realise its benefits and minimise its risks.
Our research will compare knowledge and attitudes to responsibility, risks, security and privacy and best practice across different countries and track change over time. Understanding users is critical to developing cybersecurity technologies and policies, making it critical for this area of research to connect with other dimensions to create a safer and more secure Internet.
This Dimension is co-chaired by Professor Emeritus William Dutton, an Oxford Internet Institute (OII) and Oxford Martin Fellow, who was the first Professor of Internet Studies at the University of Oxford.
Factors
This Factor evaluates the degree to which cybersecurity is prioritised and embedded in the values, attitudes, and practices of government, the private sector, and users across society at large. A cybersecurity mindset consists of values, attitudes and practices–including habits of individual users, experts, and other actors–in the cybersecurity ecosystem that increase the capacity of users to protect themselves online.
Apsects
- Awareness of Risks: this Aspect examines the level of awareness of cybersecurity risks within the government, private sector and users;
- Priority of Security: this Aspect examines the extent to which the government, private sector and users make cybersecurity a priority; and
- Practices: this Aspect examines whether the government, private sector and users follow safe cybersecurity practices.
This Factor reviews critical skills, the management of disinformation, the level of users’ trust and confidence in the use of online services in general, and of e-government and e-commerce services in particular.
Aspects
- Digital Literacy and Skills: this Aspect examines whether Internet users critically assess what they see or receive online;
- User Trust and Confidence in Online Search and Information: this Aspect examines whether users trust in the secure use of the Internet based on indicators of website legitimacy;
- Disinformation: this Aspect examines the existence of tools and resources to address online disinformation;
- User Trust in E-government Services: this Aspect examines whether there are government e-services offered, whether trust exists in the secure provision of such services, and if efforts are in place to promote such trust in the application of security measures; and
- User Trust in E-commerce Services: this Aspect examines whether e-commerce services are offered and established in a secure environment and trusted by users.
This Factor looks at whether Internet users and stakeholders within the public and private sectors recognise and understand the importance of protecting personal information online, and whether they are sensitive of their privacy rights.
Aspects
- User Understanding of Personal Information Protection Online: (as above)
This Factor explores the existence of reporting mechanisms that function as channels for users to report Internet-related crime such as online fraud, cyber-bullying, child abuse online, identity theft, privacy and security breaches, and other incidents.
Aspects
- Reporting Mechanisms: (as above)
This Factor explores whether cybersecurity is a common subject of discussion across mainstream media, and an issue for broad discussion on social media. Moreover, this Factor looks at the role of media in conveying information about cybersecurity to the public, thus shaping their cybersecurity values, attitudes and online behaviour.
Aspects
- Media and Social Media: (as above)