One of the major types of careers in cybersecurity is Risk Management. Risk Management can
be one of the less technical focuses; this one is important to understanding social dynamics and
policy. The type of social sciences that is used in the job is mainly education,economics, and
anthropology.
Risk management is important to companies because it keeps costs down, whether that is with
the people, the building, and especially the systems that they are using to keep the business
running. Risk management is not only for fortune 500 companies but as well as fast food places,
small businesses, and with people that do not have business at all. “The average number of
security breaches grew by 11% from 130 in 2017 to 145 in 2018 per organization. The average
cost of cybercrime for an organization increased from $1.4 million to $13 million”(Lee). Being
able to understand how much is being spent when trying to protect the enterprise of the company
is a very important thing. The social science that the Risk Management team is using is
analyzing the data and the cost of having more protections on their enterprise. They also need to
understand the types of threats that can happen which means that one does not have
cybersecurity experience. It would be easier and help them have more understanding about the
threats that they are measuring. “The systems operate in a rapidly changing socio-political-
technological environment that presents threats from individuals and groups with shifting
alliances, attitudes, and agendas.”(Stine). The education factor of social sciences really applies to
this because of the ever changing and dynamic cyber threats.Being able to teach on the warning
signs of a cyberthreats to people that may not have the most experience with cybersecurity. The management team would also need to develop the curriculum for the awareness, which can be a
difficult and time consuming task seeing as they need to be updated regularly since cybersecurity
is always changing. In their daily life, they would be making powerpoints to teach prevention
maintenance and then having something that touches on the fact of how the company should
have acted on a threat that already happened. Another type of social science that is used in Risk
Management is anthropology , which is the study of behaviors. With having a study in behavior
it is easier to understand where the cyber threats trends are rising and while others are declining.
“The result of using a prevention-centric strategy is that organizations are better equipped to deal
with cybersecurity threats that are static and predictable”(Naseer et al). While cyber security is
always changing and evolving, any threats are using the same basic building blocks that have
been there. If the company is able to understand the basics of a cyberthreat, they will be able to
protect themselves. Having risk management in a company is a newer phenomenon before the
duty of protecting the network and the company from outside threats were the IT’s job , but that
is a very technical space and it is harder to teach a person because they feel like they should be
able to just understand. Anthropology explores the influence of humans on cybersecurity
practices, once companies realized that it is cheaper that if they hired someone to prevent the
threats rather than wait until it happens and then have to pay for someone to get rid of the virus
or worm in the network. Risk management is a very important part of the operations in
companies because they prevent the need to spend a lot of money on cyber threats. They also
should have a team that makes the education of their coworkers their number one priority.
Studying the trends in cyber security will help companies stay on top of the cyber trends.

Lee, In. “Cybersecurity: Risk Management Framework and Investment Cost Analysis.” vol. 64,
Business Horizons, 2021, p. 13.
Naseer, Humza et al. “Cybersecurity Risk Management Using Analytics: A Dynamic
Capabilities Approach.” 2018.
Stine, Kevin et al. Integrating Cybersecurity and Enterprise Risk Management 2020.