Cybersecurity Ethics

Key topics in this field include harms to privacy (such as poor data protection of sensitive information and identity theft), the integrity of cybersecurity analysts (plus the potential consequences of how they utilize their skills ethically when making decisions on risk assessment), functionality (such as overcomplex security procedures potentially endangering lives in the healthcare sector), disclosure of risk (for example, if a major security flaw or vulnerability is discovered), staff awareness (via specialist training) and company policy (in order to be compliant with local and/or international standards and law).

No two cases are exactly alike, and context counts for a lot in cybersecurity ethics. There is also often a gap between what is ‘ethical’ and what is ‘legally permitted’. Whereas the latter must be complied with for legal reasons, the former is one way of distinguishing companies that have sound ethical frameworks in place for employees and the general public from those that do not. What is ‘unethical’ today often becomes illegal tomorrow as laws are updated to reflect the emergence of new technological contexts and societal norms. Put another way, today’s ethics regularly inform tomorrow’s laws. A failure to plan for the worst can lead to irreparable reputational damage.

Gunung.org undertakes cybersecurity consultancy work for businesses large and small. The issue affects all businesses, from sole traders to multinational corporations, as all are responsible for this type of security. This consultancy work includes cybersecurity ethical audits and assisting in the drafting of company policy documentation (including detailed preparation of specific responses to unexpected breaches that must be conducted in a timely manner, and practical legal instructions), the creation of training manuals (including a code of conduct for IT staff) and guidance for all staff (not just IT staff) on an ongoing basis.

Case studies coming shortly.