Cybersecurity regulation is not one-size-fits-all

Differences in cultural values have led some countries to tackle the spectre of cyberattacks with increased internet regulation, whilst others have taken a ‘hands-off’ approach to online security – a study shows.

cybersecurity regulation differences

Internet users gravitate towards one of two ‘poles’ of social values. Risk-taking users are found in ‘competitive’ national cultures prompting heavy regulation, whilst web users in ‘co-operative’ nations exhibit less risky behavior requiring lighter regulation.

Researchers at the University of Birmingham used cultural value measurements from 74 countries to predict the Global Cybersecurity Index (GCI), which measures state commitments of countries to cybersecurity regulation.

Cybersecurity regulation differences

Dr. Alex Kharlamov, from Birmingham Law School, and Professor Ganna Pogrebna, from Birmingham Business School, demonstrated that differences in cybersecurity regulation, measured by GCI, stem from cross-cultural differences in human values between countries. They also showed how cultural values mapped onto national commitments to regulate and govern cybersecurity.

In China, where people are more risk taking than American and British web users across five categories of risk behaviors, regulation is far stricter than in the USA, which in turn is tighter than the UK.

Dr. Kharlamov and Professor Pogrebna showed that this corresponded to the countries’ relative positions on the cultural value scale, with China closer to ‘competitive’ than the USA, which in turn is closer to this ‘pole’ than the UK.

Dr. Kharlamov commented: “We spend most of our lives in the digital domain and cyberattacks not only lead to a significant financial damage, but also cause prolonged psychological harm – using social engineering techniques to trick people into doing something they otherwise would not want to do.

“Irresponsible use of digital technologies, such as the Cambridge Analytica case, cause harm to many citizens and tell us that Internet regulation is imminent. It is vital to understand the origins of human behavior online, as well as values and behavioral patterns.”

Risky online behavior

The five categories of risk behavior – cybersecurity, personal data, privacy, cybercrime and negligence – each consisted of six behavioral examples such as:

  • Not using anti-virus or antimalware protection (cybersecurity)
  • Providing private information, such as your email address, to obtain free WiFi in public places such as coffee shops, airports and train stations (personal data)
  • Linking multiple social media accounts such as Twitter, Facebook and Instagram (privacy)
  • Using insecure connections or free WiFi (cybercrime)
  • Letting web browsers remember passwords (negligence)

Professor Ganna Pogrebna said: “Culture shapes the way we govern cyber spaces. Human values lie at the core of the human risk-taking behavior in the digital space, which, in turn has a direct impact on the way in which digital domain is regulated.

“We talk about establishing overarching international online regulation, such as a new International Convention of Human Digital Rights. Yet, it seems the main reason why the international community fails to agree on such regulation has deep cultural underpinning.”

Share this