Differences in cultural values have led some countries to tackle the spectre of cyber-attacks with increased internet regulation, whilst others have taken a 'hands-off' approach to online security—a new study shows.
Internet users gravitate towards one of two 'poles' of social values. Risk-taking users are found in 'competitive' national cultures prompting heavy regulation, whilst web users in 'co-operative' nations exhibit less risky behaviour requiring lighter regulation.
Researchers at the University of Birmingham used cultural value measurements from 74 countries to predict the Global Cybersecurity Index (GCI), which measures state commitments of countries to cybersecurity regulation.
Dr. Alex Kharlamov, from Birmingham Law School, and Professor Ganna Pogrebna, from Birmingham Business School, published their findings in Regulation & Governance.
They demonstrated that differences in cybersecurity regulation, measured by GCI, stem from cross-cultural differences in human values between countries. They also showed how cultural values mapped onto national commitments to regulate and govern cyber-security.
In China, where people are more risk taking than American and British web users across five categories of risk behaviours, regulation is far stricter than in the USA, which in turn is tighter than the UK.
Dr. Kharlamov and Professor Pogrebna showed that this corresponded to the countries' relative positions on the cultural value scale, with China closer to 'competitive' than the USA, which in turn is closer to this 'pole' than the UK.
Dr. Kharlamov commented: "We spend most of our lives in the digital domain and cyber-attacks not only lead to a significant financial damage, but also cause prolonged psychological harm—using social engineering techniques to trick people into doing something they otherwise would not want to do.
"Irresponsible use of digital technologies, such as the Cambridge Analytica case, cause harm to many citizens and tell us that Internet regulation is imminent. It is vital to understand the origins of human behaviour online, as well as values and behavioural patterns."
The five categories of risk behaviour—cyber-security, personal data, privacy, cyber-crime and negligence—each consisted of six behavioural examples such as:
- Not using anti-virus or antimalware protection (cyber-security)
- Providing private information, such as your email address, to obtain free WiFi in public places such as coffee shops, airports and train stations (personal data)
- Linking multiple social media accounts such as Twitter, Facebook and Instagram (Privacy)
- Using insecure connections or free WiFi (Cyber-crime)
- Letting web browsers remember passwords (Negligence)
Professor Ganna Pogrebna said: "Culture shapes the way we govern cyber spaces. Human values lie at the core of the human risk-taking behaviour in the digital space, which, in turn has a direct impact on the way in which digital domain is regulated.
"We talk about establishing overarching international online regulation, such as a new International Convention of Human Digital Rights. Yet, it seems the main reason why the international community fails to agree on such regulation has deep cultural underpinning."
GCI is produced by the International Telecommunications Union and assesses each country's engagement with cybersecurity regulatory processes in five areas: Legal, Technical, Organizational, Capacity Building, and Co-operation.
More information: Alexander Kharlamov et al. Using human values‐based approach to understand cross‐cultural commitment toward regulation and governance of cybersecurity, Regulation & Governance (2019). DOI: 10.1111/rego.12281
Provided by University of Birmingham