As cyber security researchers and professionals, we want to behave ethically. Indeed. Danny Bradbury calls for a code of ethics for cybersecurity.
Marc Dupuis and I were interested in looking at the ethical aspects of fear appeals in cyber security. It is, of course, tempting to think that we ought to scare people into taking cyber security precautions. We wanted to consider this topic from an ethical perspective.
We first considered three foundational ethical perspectives: Kant, Utilitarianism and Justice Theory. We then consulted the two stakeholder groups to gain insights into the ethical concerns they consider to be pertinent. We first consulted deployers: (a) fear appeal researchers and (b) Chief Information Security Officers (CISOs), and then potential cybersecurity fear appeal recipients.
We derived six ethical principles to guide cybersecurity fear appeal deployment. We hope this will be useful to those who are considering using fear appeals in cybersecurity.
Marc Dupuis and Karen Renaud. Scoping the Ethical Principles of Cybersecurity Fear Appeals. Ethics and Information Technology. To Appear
When the paper has been published I’ll provide a link here. It will be open source.