Abstract
This chapter focuses on ethical issues in cybersecurity in business. It first sketches the main ethical issues discussed in the academic literature thus far. Next, it identifies some important topics that have not yet received the attention they deserve. The chapter then focuses on one of those topics, ransomware attacks, one of the most prevalent cybersecurity threats to businesses today. It provides a brief overview of the main types of ransomware attacks and discusses businesses’ responsibilities to their stakeholders to respond to them. Daniel Engster’s care-based stakeholder approach is used to assess the responsibilities that businesses have to their stakeholders. The analysis involves establishing who counts as a stakeholder when a ransomware attack occurs and what the stakeholders’ interests might be. Based on stakeholders’ interests, the analysis concludes on whether businesses have an ethical responsibility to their stakeholders to (1) respond to grey hat demands by patching identified vulnerabilities within the given timeframe and (2) respond to black hat demands by paying the ransom.
Highlights
Due to the uptake of information and communication technology (ICT) in the business sector, the value of information has increased.
We introduce Daniel Engster’s care-based stakeholder theory, which we think can be used as a normative theory to analyse the under-debated issues.
We focus on ransomware attacks, a topic that has featured prominently in the news in the past few years.
Summary
Due to the uptake of information and communication technology (ICT) in the business sector, the value of information has increased. The GDPR in 2018 set the bar for businesses that collect, process, analyse and store EU citizens’ identifiable information. Wenger et al. (2017) point to the reputational damage that can result from a successful cyber-attack. They state that a significantly large percentage of consumers are less likely to engage with a business that has been hacked, even if they were not directly affected by the attack. (2) Businesses have a responsibility to ensure that the hardware and software that they use to process, store and analyse identifiable information have an adequate level of security to protect the users who have access to those systems. We focus on ransomware attacks, a topic that has featured prominently in the news in the past few years.