In the ever-evolving domain of cybersecurity, it’s crucial to place security behavior change within the broader context of security theories. Traditionally, cybersecurity has its roots in computer and network security, but in today’s interconnected world, it extends far beyond that, intertwining with political, economic, and social dimensions.
As highlighted by security scholars Lene Hansen and Helen Nissenbaum, cybersecurity is more than just technical measures to protect computer systems; it carries significant political, economic, and social implications. For instance, consider the protection of a voting register. Beyond its immediate economic value, a compromised voting register could undermine public trust in the electoral process, carrying both political and social consequences.
The Intersection of Security Theories
The integration of various security concepts is vital to understanding the motivations behind digital security controls. Traditional security thinking, rooted in the existential concern of protecting life from death, has historically focused on territorial defense—visualized through motifs like medieval castles. As nations evolved, so did the approaches to security, moving from purely military strategies to include economic treaties, defense pacts, and more nuanced theories like human security, which emphasizes the safety and well-being of individuals over state-centric concerns.
Cybersecurity intersects with all these security theories. For example, human security emphasizes the protection of individuals, particularly in conflict zones or refugee situations. Ontological security, on the other hand, delves into the psychological aspects of security, focusing on how individuals experience safety through identity, trust, routine, and safety. Societal security examines the combination of state-based and human security to safeguard societal structures.
Cybersecurity Behavior Change: A Multifaceted Approach
A successful cybersecurity behavior change strategy must consider these diverse security perspectives to align with broader societal contexts. This includes engaging with how individuals experience proposed behavior changes and ensuring that security interventions are ethical and beneficial to all stakeholders.
For example, the UK’s approach to developing a cyber strategy illustrates this multifaceted understanding. The strategy comprises three layers:
- Layer 1 – The integrated review that sets out a broad security analysis combining defense, foreign policy, and overseas development, framing cybersecurity as a national effort.
- Layer 2 – The national cyber strategy, which operationalizes the findings of the integrated review, aiming to make the UK a responsible cyber power.
- Layer 3 – The cybersecurity strategy that focuses on protecting core government functions from cyber threats, emphasizing cybersecurity culture as a key element.
This strategy reflects the dual modes of security identified by theorist Paul Roe: positive security (the ability to live free from fear of threat) and negative security (the ability to protect against harm). Both are essential for a secure society and must be addressed in cybersecurity behavior change programs.
Conclusion
Understanding security behavior change within the wider landscape of security theories provides a comprehensive framework for developing effective cybersecurity strategies. By considering the political, economic, and social dimensions of security, along with the historical and theoretical underpinnings, organizations can craft nuanced behavior change programs that not only protect digital assets but also support broader societal and individual security.
We love to share our knowledge on current technologies. Our motto is ‘Do our best so that we can’t blame ourselves for anything“.