Skip to content

A Holistic Approach to Ethical Issues in Cyber Security

Today, nearly all sectors of society are already an indispensable part of the cyber world. There are massive opportunities, and at the same time, immense fears and challenges. Information in the cyber world can be accessed globally, so the field of cyber security needs to evaluate what is right and wrong. In this blog post, our objective is to review the social costs and underlying ethical issues in cyber security that have been triggered by technological advancements.

What do we mean when we talk about ethics?

Ethics is a branch of philosophy that deals with what is deemed to be right or wrong. The study of ethics can be either on a theoretical level or on an applied level.

On a personal level, ethics pertain to the moral guidelines that can help us through difficult situations, aiding us in making the best decisions. We are likely to use our personal ethics to advance our careers and manage many different real-life scenarios. Our personal ethics can contain common ethical guidelines that other individuals share, however they may vary in their level of importance.

In work-life, ethics are a set of values based on the ideals of discipline and are often formulated in formal codes. Individuals with a strong work ethic are known to be productive – they do not procrastinate and are respectful towards others. Basic work ethics within the work-life environment include attitude character, cooperation, respect, productivity, etc.

Global Cyber Conference 2023
Global Cyber Conference 2023

What does ethics have to do with cyber security?

Cyber security practices aim to secure computer systems and networks and keep data safe. Those data, systems, and networks indeed hold some economic or other value in themselves, but what cyber security practices essentially protect is the integrity, functionality, and reliability of organizations that rely upon such data and systems.

This means that ethical issues are at the core of cyber security practices, as these practices are increasingly required to secure the ability of human individuals and groups to live well. In an increasingly networked society, a wider and better comprehension of cyber security ethics is critical for promoting human prosperity. The following are the three important ethical issues in cyber security.

Harms to privacy

Privacy harm is conceptualized as the negative consequence of a privacy violation. Some of the most common cyber threats to privacy include identity theft. Identity theft is the term used to refer to all sorts of crimes in which someone unlawfully gains and uses another person’s personal data in some way that involves fraud, usually for financial gain.

The exposure of sensitive personal information results in costly spam, phishing, or other undesirable communications. That said, it is important to understand that privacy harms do not only jeopardize those whose sensitive information is directly exposed to cyber threats. Even those who try to live disconnected from the digital cannot prevent sensitive data about them from being generated and shared by their friends or family.

This situation puts an enormous amount of pressure on cyber security specialists, who are trusted with manning the critical line of defense against personal and organizational privacy harms. All in all, poor cyber security practices can be more than just ineffective, they can be unethical as well.

Cyber security resource allocation

The second ethical issue that should always inform cyber security practice is the unavoidably huge cost of cyber security. The cost is great because cyber security efforts take up a considerable number of individuals as well as organizational resources like time, money, and expertise.

Not having adequate cyber security measures in place imposes even greater costs. You may naturally ask how the issue of resource allocation can be seen as an ethical issue. Imagine a situation where a cyber expert who works for a hospital responds to a possible threat by immediately instituting an extremely time-consuming security login procedure, where he/she does not first consider the core function and interests of the network users.

This situation can endanger the patients’ lives, particularly in departments where fast network access is required to use life-saving medicines or equipment. In short, the responsibility of recognizing a sound balance between well-resourced cybersecurity and other kinds of functionality is an ethical issue.

Transparency and disclosure

Cyber security is a form of risk management, and because those risks substantially affect other parties, there is a default ethical duty to disclose those risks when identified, therefore affected parties can make informed decisions. For instance, if a company finds out a critical vulnerability in its software, it must notify its customers or clients of that discovery in a timely manner.

That said, each cyber security scenario comprises different facts, different products or services, and interests at stake, thus there is no one-size-fits-all approach or guidance that one can utilize to guarantee adequately transparent cyber security practice. This translates into the fact that what is required in each case is a solid ethical reflection on the specific scenario and the risks, benefits, and tradeoffs involved, followed by a coherent ethical judgment about what is best to do, given the facts and options.

Final thoughts on cyber security ethics

Although cyber ethics remains an under-researched field, we tried to shed light on ethical issues in cyber security. Ethics have always been important in the past, however, the awareness of ethics is becoming more critical now. Cyber security professionals and organizations should adopt procedures for rigorously evaluating the compliance of their members with the applicable ethical cyber security obligations.

Swiss Cyber Institute builds competencies through training and exclusive events and helps its members to mitigate the cyber risks associated with digitalization. We take a unique approach to cyber security training and build a sustainable culture of cyber security within your organization.