Is the responsibilization of the cyber security risk reasonable and judicious?

Renaud, Karen; Flowerday, Stephen; Warkentin, Merrill; Cockshott, Paul; Orgeron, Craig P.

doi:10.1016/j.cose.2018.06.006

Cited by 45 publications

(38 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyber security is a relatively new phenomenon on an evolutionary scale, certainly much newer than many other areas of human risk management, such as managing physical safety or disease prevention. Due to its newness, it is thus reasonable to assume that the populace at large lacks sufficient knowledge and skills to secure their own information, systems and devices adequately [62,138,141,143].…”

Section: Reluctance To Switchmentioning

confidence: 99%

“This is the way ‘I’ create my passwords” ... does the endowment effect deter people from changing the way they create their passwords?

Renaud

Otondo

Warkentin

2019

Computers & Security

Self Cite

View full text Add to dashboard Cite

The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their overestimating the "value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect. In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.

show abstract

Section: Reluctance To Switchmentioning

confidence: 99%

“This is the way ‘I’ create my passwords” ... does the endowment effect deter people from changing the way they create their passwords?

Renaud

Otondo

Warkentin

2019

Computers & Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…Other scholarship has employed similar approaches, utilizing the homeland security policy regime (May, Jochim, and Sapotichne 2011) and risk regimes (Quigley and Roy 2012) consistently with the goal of progressing policy regimes that concentrate policy making on a collective goal across diverse subsystems. Nye (2014, 19) concludes that “internet governance is the application by governments, the private sector and civil society of principles, norms, rules, procedures and programs that shape the evolution and use of the Internet.” Other recent research has proposed that the citizenry has, in effect, become responsibilized—that cyber risk is individualized, thus contributing to the expansive spread and efficacy of cyber attacks (Hadjimatheou 2019; Renaud et al 2018).…”

Section: Cyber Policy In Public Administrationmentioning

confidence: 99%

“…Citing the paradox in the current policy‐making environment (de Bruijn and Janssen 2017), as well as other authors suggesting the murky pitfalls of attribution (Schulzke 2018), recent scholars have called for the framing of cyber security dialogue. Some have raised concerns about the apparent responsibilization of individuals for cyber security, comparing it with stances related to similar societal contagion‐type risks such as disease and fire (Renaud et al 2018).…”

Section: Cyber Policy In Public Administrationmentioning

confidence: 99%

“…Responsibilization has not seen unqualified success in other areas (Avigur‐Eshel 2018; Phoenix and Kelly 2013; Rossiter 2012; Soneryd and Uggla 2015; Stol, Schermer, and Asscher 2016), notably in those domains where building capability is rather more challenging than anticipated (e.g., health, finance, and drug abuse). Renaud et al (2018) suggest that responsibilizing cyber security is ill advised and that more should be done to support citizens and organizations in resisting cyber attacks. They argue that cyber threats are currently managed by governments as if they are a solo risk, whereas they ought to be managed similar to the way other contagious and calamitous risks are managed, due to the epidemiology of cyber attacks and the expertise required to mitigate them.…”

Section: Questions 5 and 6: How Could The Intervention Stance Be Quesmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Security Responsibilization: An Evaluation of the Intervention Approaches Adopted by the Five Eyes Countries and China

Renaud

Orgeron²,

Warkentin

et al. 2020

Public Administration Review

Self Cite

View full text Add to dashboard Cite

Governments can intervene to a greater or lesser extent in managing the risks that citizens face. They can adopt a maximal intervention approach (e.g., COVID‐19) or a hands‐off approach (e.g., unemployment), effectively “responsibilizing” their citizens. To manage the cyber risk, governments publish cyber‐related policies. This article examines the intervention stances the governments adopt in supporting individual citizens managing their personal cyber risk. The authors pinpoint the cyber‐related responsibilities that several governments espouse, applying a “responsibilization” analysis. Those applying to citizens are identified, thereby revealing the governments' cyber‐related intervention stances. The analysis reveals that most governments adopt a minimal cyber‐related intervention stance in supporting their citizens. Given the increasing number of successful cyber attacks on individuals, it seems time for the consequences of this stance to be acknowledged and reconsidered. The authors argue that governments should support individual citizens more effectively in dealing with cyber threats.

show abstract

“…For example, the cost of each of these cyber-security breaches was estimated at US$ 221 in the financial sector; US$ 208 in the service industry; US$ 355 in the healthcare industry; and US$ 246 in the education industry (Sommestad, Hallberg, Lundholm, & Bengtsson, 2014). Renaud et al (2018) believe that most of these cyber breaches and threats may affect the organizational internal process. Some scholars (e.g., Sun, 2018; Pak Nejad, Javadi, & Mohammadi, 2014) support this view by linking these cyber-security risks and threats to cyber-security forces.…”

Section: Introductionmentioning

confidence: 99%

Cyber-security effect on organizational internal process: mediating role of technological infrastructure

Kilani

2020

Problems and Perspectives in Management

View full text Add to dashboard Cite

Adopting the technologies among organizations comes with the continuous worries of protection and hacking. The idea of cyber-security has become over the years the main interest of many organizations, which depend on technologies in its operations, which requires them to pay extra attention to their technological infrastructure. The current study aims at examining the influence of cyber-security forces on organizational internal operations and the role of technological infrastructure in defining and controlling the level of protection that cyber-security has on organizational internal processes. Quantitative approach was adopted, and a questionnaire was utilized to collect the data from a convenient sample of 360 software engineers, network engineers, software testers, web developers, and technical support using a structured survey questionnaire, and analyzed using SPSS version 21. The results confirmed that cyber-security motivators (data growth, technology expansion, access to required resources, operational control, and technical control) indirectly affect solid internal processes that are attributed to the consistency of technological infrastructure in an organization. The variable of ‘data growth’ appeared to be the most influential motivator on cyber-security strategies, as it scored a mean of 4.2661, which is the highest among all adopted variables and followed by the variable of ‘technical control’, which scored a mean of 4.1296. Accordingly, the study recommends that organizations should consider IT infrastructure as a main item within their risk management strategies to avoid unpredicted risks and attacks.

show abstract

Is the responsibilization of the cyber security risk reasonable and judicious?

Cited by 45 publications

References 49 publications

“This is the way ‘I’ create my passwords” ... does the endowment effect deter people from changing the way they create their passwords?

“This is the way ‘I’ create my passwords” ... does the endowment effect deter people from changing the way they create their passwords?

Cyber Security Responsibilization: An Evaluation of the Intervention Approaches Adopted by the Five Eyes Countries and China

Cyber-security effect on organizational internal process: mediating role of technological infrastructure

Contact Info

Product

Resources

About