Article of Review: Cyberattacks, cyber threats, and attitudes toward cybersecurity policies by Keren Shandler, Shay Zandani, and Daphna Canetti
The article “Cyberattacks, Cyber Threats, and Attitudes Toward Cybersecurity Policies” presents a layered analysis of determinism, relativism, and skepticism. The authors appear to employ the principle of determinism when they relate societal structures and technological growth to perceptual changes affecting individuals’ assessments of cyber threats. What we see as a threat is, according to the authors, largely shaped by the push and pull of external factors—especially societal ones—that mold our attitudes toward certain cybersecurity policies. The authors also use relativism when they examine what they describe as the many interpretations of a cyber threat. They approve of the idea that appears to be gaining currency in some sectors, namely, that a cyber-attack is not a universally understood concept but one that is interpreted in largely different ways depending on context. Lastly, skepticism comes into play when the authors question the effectiveness of existing cybersecurity policies and the motivations that underlie them.
The article asks several relevant questions and proposes several important hypotheses. For instance, it queries how prior experiences with cyber threats affect individuals’ understanding and appreciation of current cybersecurity policies. One key hypothesis—strikingly intuitive and also well-grounded in the authors’ discipline—holds that individuals who have been victimized by cybercrime are much more likely to support (and probably in a more enthusiastic manner) strong, even aggressive, cybersecurity measures.
When it comes to the methods they use for research, the authors take a quantitative approach and rely on surveys to obtain the data they need to inform them about the public’s attitude toward various aspects of cybersecurity. Those surveys seemingly allow the authors to make a rather sweeping and cursory analysis of trends in public opinion over the past year or so, in relation to the events that have taken place and that may have influenced public sentiment. They then use some basic statistical methods to reveal how “significant” these correlations are.
The survey results that the article is based on came from an evaluation of the relationship between individuals’ experiences of cyberattacks and their attitudes toward cybersecurity policies. The authors analyzed these data with statistical tools, most notably regression analysis, that allowed them to assess the part-to-whole relationships between the factors they studied and the overall relationship of these factors to support or opposition to a cybersecurity policy. The analysis consistently demonstrated a clear and strong relationship between awareness of cyber threats and favorable attitudes toward government intervention in cybersecurity.
The article discusses “cyber offending” by analyzing the nature of attacks and their effects on public opinion. When it comes to perception, “human factors” are obviously involved. They are certainly involved when we try to see why people perceive cybersecurity threats, or the policies meant to counter them, in the ways that they do. And “cyber threats” are what we have to understand if we want to get at the heart of why the public supports certain security measures (or perhaps more relevantly, supposes that they are being enacted). After all, some people are more likely to favor certain kinds of measures when they have been “victimized” themselves or know someone who has been.
The piece is concerned with groups that are marginalized, particularly their vulnerability to cyberattacks because they have been able to access cybersecurity resources to a much lower extent than others. This puts them at a greater risk—obviously—and that is also something that the piece talks about. Adding on policies give them little attention creating a digital divide. The study contributes by underscoring the often-overlooked role that public opinion plays in helping to either shape or not shape effective cybersecurity policies and also showing how personal experiences with cyber-attacks influence how the government intervene.