If I tell friends and colleagues that I am working on a ‘cybersecurity project’, I can see them mentally move along to other topics. In sounds technical and only technical.
Arguably, most internet users and ordinary people generally see cybersecurity as a technical field – one that is likely to be impenetrable or uninteresting to nontechnical internet users. Not only does cybersecurity sound technical but it also sounds like a process in which no ordinary humans are involved. It might be something you ask an IT or security consultant about, but not a topic for ordinary people. In fact, cybersecurity is very much tied to psychological, cultural, economic, and other social factors, but it seems technocentric.
At the same time, almost all internet users are likely to feel insecure online. Those least trusting of the internet or social media, for example, tend to be those who never use it (Dutton 2003; Dutton & Shepherd 2006). But even sophisticated computer scientists are likely to have some insecurity as they know many of the ways in which their security could be breached. And this is increasingly the case amid current hype over back doors on mobile smartphones, AI generated misinformation like deep fakes, and AI enabled surveillance along with the wider array of security issues around hacking, phishing, hate speech, and more. Even technically expert internet users can be insecure because they are well enough informed to know that they cannot be totally certain about their security online.
For such reasons, if you ask a person whether they feel secure online, you are likely to get a rapid and clear response: no. In a recent discussion on a WhatsApp group involving my neighbors, a discussion of a possible scam, one of my neighbors wrote: “We have to be on the alert all the time!”
These observations have led me to conclude that the very term ‘cybersecurity’ sounds too technical to engage ordinary internet and social media users. It seems like a problem not involving humans, but equipment and techniques beyond the pale of most people. In that light, maybe we should begin to speak about ‘cyber insecurity’. Technologies are not insecure. [An exception might be HAL in 2001 Space Odyssey.] So immediately people can identify cyber insecurity as something primarily about people and maybe even themselves. Experts as well as ordinary people, such as those with children online, might want to discuss and address this issue – it is something they can understand, feel, and imagine.
But it is not only a perception or feeling. It is not only about psychological responses. People can do concrete things that make them feel and actually be more secure online. For example, I’ve written about developing a cybersecurity mindset, which involves practices that can help people be and feel more secure online (Dutton 2017). Households, organisations and nations can build their cybersecurity capacities in ways that enable them to be and believe themselves to be more secure in the network age (Creese et al 2020, 2021). Models like the Cybersecurity Capacity Maturity Model for Nations (CMM) provide frameworks to help build cybersecurity capacity.[1] There are things you can do if you feel insecure, so it might be valuable to engage the many who are feeling insecure online to learn how to be more secure. This does not mean you can eliminate insecurity or even that this would be a good idea. Blind trust in the internet and social media would be dangerous.
As I was thinking about this flip from cybersecurity to cyber insecurity, I ran across an article in The Financial Times about the ‘UK’s insecurity’ (O’Connor 2023). She was writing about what the UK’s shadow chancellor, Rachel Reeves, was calling ‘securonomics’ as part of a ‘new political zeitgeist’. O’Connor wrote: ‘Reeves said the world was living through an “age of insecurity”.’ The article not only touched some of the same points I had considered around cyber insecurity, but also built on it, talking about insecurity over globalisation, over housing, electricity, gas, jobs, Ukraine, and more. In fact, cyber insecurity was one of the only issues not identified by O’Connor. In this spirit, a focus on cyber insecurity would not stand alone. I would add cyber insecurity to Rachel Reeves’ list of insecurities and truly believe it could be helpful. It would have a lot of company across many areas of life and work in our digital age and just possibly raise awareness of what can be done to enhance security online.
References
Creese, Sadie and Dutton, William H. and Esteve-González, Patricia and Shillair, Ruth (2020), ‘Cybersecurity Capacity Building: Cross-National Benefits and International Divides’. Paper accepted for presentation at the TPRC48, Washington DC, Forthcoming, TPRC48: The 48th Research Conference on Communication, Information and Internet Policy, Available at SSRN: https://ssrn.com/abstract=3658350 or http://dx.doi.org/10.2139/ssrn.3658350
Creese, S., W. H. Dutton, P. Esteve-González & R. Shillair, (2021), ‘Cybersecurity capacity-building: cross-national benefits and international divides’, Journal of Cyber Policy, 6:2, 214-235, DOI: 10.1080/23738871.2021.1979617
Dutton, W. H. (2003), ‘Trust in the Internet: The Social Dynamics of an Experience Technology’, OII Research Report No. 3, Oxford: Oxford Internet Institute, University of Oxford.
Dutton, W. (2017), ‘Fostering a Cyber Security Mindset’, Internet Policy Review, 6(1): DOI: 10.14763/2017.1.443 Available at: https://policyreview.info/node/443/pdf
Dutton, W. H., and Shepherd, A. (2006), ‘Trust in the Internet as an Experience Technology’, Information, Communication and Society, 9(4): 433-51.
O’Connor, Sarah (2023), ‘Globalization is Not to Blame for UK Insecurity’, The Financial Times, 25 July: p. 23.