Abstract

AbstractThis chapter focuses on ethical issues in cybersecurity in business. It first sketches the main ethical issues discussed in the academic literature thus far. Next, it identifies some important topics that have not yet received the attention they deserve. The chapter then focuses on one of those topics, ransomware attacks, one of the most prevalent cybersecurity threats to businesses today. It provides a brief overview of the main types of ransomware attacks and discusses businesses’ responsibilities to their stakeholders to respond to them. Daniel Engster’s care-based stakeholder approach is used to assess the responsibilities that businesses have to their stakeholders. The analysis involves establishing who counts as a stakeholder when a ransomware attack occurs and what the stakeholders’ interests might be. Based on stakeholders’ interests, the analysis concludes on whether businesses have an ethical responsibility to their stakeholders to (1) respond to grey hat demands by patching identified vulnerabilities within the given timeframe and (2) respond to black hat demands by paying the ransom.

Highlights

  • Due to the uptake of information and communication technology (ICT) in the business sector, the value of information has increased

  • We introduce Daniel Engster’s care-­ based stakeholder theory which we think can be used as a normative theory to analyse the under debated issues

  • We focus in on ransomware attacks, a topic that has prominently featured in the news in the past few years

Read more

Summary

Introduction

Due to the uptake of information and communication technology (ICT) in the business sector, the value of information has increased. The GDPR in 2018 set the bar for businesses that collect, process, analyse and store EU citizen’s identifiable information. Wenger et al (2017) point to the reputational damage that can result from a successful cyber-attack. They state that a significantly large percentage of consumers are less likely to engage with a business that has been hacked, even if they were not directly affected by the attack. (2) Businesses have a responsibility to ensure that the hardware and software that they use to process, store and analyse identifiable information has an adequate level of security to protect the users who have access to those systems. We focus in on ransomware attacks, a topic that has prominently featured in the news in the past few years

Ethical Issues in Cybersecurity
Gaps in the Literature on Ethics and Cybersecurity
Care-Based Stakeholder Theory
Ransomware Attacks
The Stakeholders and Their Interests
Shareholders
Employees
The Local Community
Customers
Suppliers
Competitors
Hackers
General Public
Grey Hats’ Interests Versus the Other Named Stakeholders’ Interests (1)
Black Hats Interests Versus the Other Named Stakeholders’ Interests (1)
Findings
Responsibilities of Business
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call