Advances in cybersecurity must focus on increasing trust in digital technologies, according to Professor Adam Joinson, director of DiscribeHub+ and Professor of Information Systems at the University of Bath. This message was delivered during a talk about the socioeconomic impact of security on trust at the final leg of Digital Security by Design (DSbD) Roadshow in Northern Ireland, UK, this week.
Joinson began by describing the large and growing concern over security and privacy among consumers and its impact. He cited numerous studies detailing this trend; for example, data from the Pew Research Center showed that 81% of people believe the potential risks they face because of data collection by companies outweigh the benefits.
Joinson also highlighted the rising costs of breaches to organizations. He noted findings from the UK government’s Cyber Breaches Survey 2021, which showed that the average cost of a breach is around £8000. In addition, Joinson displayed research that found the average cost of remediating a ransomware attack in the UK, whether through paying a ransom or rebuilding systems, is just under $2m. “Clearly, insecurity has a major economic cost for businesses,” noted Joinson.
While breaches often negatively impact businesses’ stock prices, “quite depressingly,” there is rarely a corresponding positive effect when organizations announce a big investment in cybersecurity. In 75% of studies conducted on this area, “announcing that you were making a big investment in security had no impact on your share price – people did not reward you for investing in security in terms of your stock,” said Joinson.
A major barrier to adopting strong cybersecurity measures in organizations is the attitude of employees, according to Joinson. “For most people, security is something that stops them from achieving their goals,” he noted, adding: “What we see is huge levels of frustration amongst workers in terms of the policies and processes that security puts on them.” This frustration is a major factor in why large numbers of people don’t accept updates on their computers, “because we know most of the time that updates make your computing experience worse.”
Joinson also highlighted another trend that is decreasing trust in computers – the increasing use of surveillance “as a security control and mechanism” during COVID-19 and the shift to remote work. “We’ve known for years that increasing surveillance and control in the workplace leads to lower morale, lower levels of trust and increased turnover.”
These factors have led to security being viewed negatively by workers, making their jobs worse.
As a result, there needs to be a significant shift in the way cybersecurity is communicated and implemented, highlighting its role as “a public good” that we all benefit from, according to Joinson. He noted we already view measures in areas like clean air and national security, which should also be the case for cybersecurity.
Joinson went on to discuss the importance of growing trust in technology, which is at a low ebb. “If we increase monitoring and surveillance through control, we actually reduce the need for trust within a system,” he stated.
The most recent Edelman Trust Barometer showed that “large numbers of people are worried about technology and the pace of technological change.” This is particularly the case with emerging technologies like AI.
Joinson asked: “How can security address this trust problem we have?” He argued this could be achieved through two key means – competence and ethics. Regarding competence, keeping data both secure and working can enhance trust levels. For ethics, it is about developing strong boundaries, creating “a belief and understanding that the information will stay within the boundaries that you’ve set.”
Paradoxically, “trust cannot flourish in a perfectly secure world.” Joinson explained that in a world where everything is assured, controlled and tracked, “we cannot have the vulnerability needed to demonstrate that we can be trusted.”
Therefore, surveillance and control are not the right approaches to take to grow trust in the digital world. Joinson concluded: “The way we can actually start building trust, and a trusted digital future, is through technology that supports these boundaries and the confidentiality and integrity within these boundaries, rather than increased levels of monitoring, surveillance and control.”