Societal Impacts of Cyber Security in Academic Literature – Systematic Literature Review

Abstract

The 2020 Allianz Risk Barometer, with 39% of responses, ranked cyber incidents as the number one risk threatening business continuity. Any organisation may face a number of challenges e.g. costly data breaches, ransomware incidents, and even litigation after an event. The Internet has, in many ways, changed society, transformed businesses, organisational communication and learning. People can now interact through social networking platforms. Modern society has become very technology driven, as ICT is now an integral component in peoples’ lives. However, besides the many benefits that the Internet and other ICT technology bring, there are also threats, such as cyber-attacks looking to exploit vulnerabilities in ICT applications and systems. This study is a systematic literature review that explores how societal impacts of cyber security in modern society are discussed in academic literature. The Introduction discusses the overall importance of cyber security in today’s society. The body of this paper presents the method in which the literature review was conducted, and a concise summary of the findings that answer the research question: How are societal impacts of cyber security discussed in academic literature? Six categories of investigation of societal impacts of cyber security are identified: 1) Impacts on Social and Societal Levels, 2) Detection of cyber-crime and incidents, 3) Critical infrastructures and services, 4) Impacts of incidents and individual technology, 5) Cybersecurity awareness, and 6) Cybersecurity and collaboration. Lastly, the conclusions, based on the research findings, address the feasibility, impact, strengths, weaknesses and possible ethical concerns of cybersecurity. This paper contributes to the overall understanding of current societal impacts of cyber security, and this understanding benefits the development of methods that assess societal impacts, as well as provides focus for future training and development of cyber and e-skills needed for better awareness of cyber threats, and to better address possible cyber incidents.