Public and legislative demand for stronger cybersecurity policies have become increasingly heard, especially after some high–profile events such as the Colonial Pipeline and SolarWinds breaches in 2021 (Snider et al. 2021). These breaches were believed to have been possible due to a lack of information availability from the government to cybersecurity professionals managing critical infrastructure, leading to devastating blows to our national and economic security (Snider et al. 2021).
Implementing cybersecurity policies comes with the tradeoff that increasing security will reduce freedom and some policies have the potential to be seen as intrusive by those meant to be protected by them. Cyberattacks, cyber threats, and attitudes toward cybersecurity policies, an entry from the Journal of Cybersecurity, published a study to examine how exposure to cyberattacks influences public support for intrusive cybersecurity policies, and how threat perception mediates this relationship.
Their experimentation method involved subjecting 1,022 Israeli adults, selected through careful surveying, to be split into 3 groups, “control” who would be exposed to normal news, “lethal” who would be subjected to simulated news of cyberattacks that end in mortality, and “non-lethal” group which would see simulated news of hacking which did not result in death. Once the groups completed their simulated news videos, they were tasked with completing a survey allowing the researchers to analyze variance in their responses with the highest group in favor of regulations being the one exposed to the simulated lethal attacks.
The methods utilized allowed for an opportunity to study how people responded to perceived threat, how public opinion can influence and shape policy development, and through simulation – how media can affect and influence people as a whole; their study provided key insight to principles which align with ideas from behavioral psychology, political science, and sociology. The study did not focus on marginalized groups but it is worth considering how some users with less digital literacy could be victimized by intrusive regulations such as mandatory compliance, increased surveillance, or other things which could disproportionally effect people who dont have the resources or knowledge necessary to successfully navigate the digital protections efficiently. It is also worth considering how involvement from minority groups could be valuable in such fear driven policy making so that they are not left vulnerable unintentionally.
The work by Snider, Shanlder, Zandani, and Canetti provides valuable insight into how public attitude towards regulation can be directly affected by cyber events and an increased threat awareness provided by the simulated media reports the participants watched. Using this information, lawmakers armed with this behavior research can craft policies that better align with concerns and perceptions of the public. This would prevent laws from being crafted that do not align with the current stage and not apt to receive positive feedback; their research allows for developers to avoid creating solutions for problems which don’t exist and instead craft evidence-based regulations which align more with an informed people’s interests.

References:
Snider, K. L. G., Shandler, R., Zandani, S., & Canetti, D. (2021). Cyberattacks, cyber threats, and attitudes toward cybersecurity policies. Journal of Cybersecurity, 7(1), tyab019. https://doi.org/10.1093/cybsec/tyab019