Creating Social Cyber Value

All security outcomes in cyberspace are determined by individuals, whose behaviour is shaped by their social setting, whether organisational or cultural. Yet there has been little evidence globally of the necessary adjustment of policy or practice that gives due weight to the social science dimensions. There is a sharp imbalance between investments in cybersecurity technology and investments in social science at almost every level: national government, business enterprise, and academia. This shortcoming is compounded by three others of equal or greater importance. First, the further socio-technical threat of unintended system failures, which may be dubbed “cyber incompetence”, is also largely unstudied outside the technical realm.

Yet it may be even more costly and far more common than the more prominent concern for addressing cyber-attacks. Second, decisions on digital transformation in all organisations can undermine or enhance security and, in turn, are affected by the competence levels of the decision-makers. Third, the susceptibility of leaders, managers and users to be swayed by disinformation generated by the media or even vendors in fast-moving situations is an equally important threat to business and security. We see these four problem sets as inextricably linked, and argue that we can only analyse any one of them by reference to the idea of the “social cyber ecosystem” in which they all exist. It is their interaction in the shared ecosystem that determines all security and welfare outcomes dependent on cyberspace. We argue for the centrality of social science in cyberspace management at all levels of national policy, enterprise development and human welfare.

This 2019 paper introduces a novel concept to help achieve this reorientation: “creating social cyber value”. This refers to optimised information ecosystem performance: maximising benefit while minimising insecurity and incompetence. Moreover, it argues that this can only be attained when the human use and misuse of relevant technology is recognised as central. The new spirit might be based on the conviction that a system-level social retooling is not only feasible but also a social imperative and a moral duty. The benefit of addressing social cyber system value in this proposed comprehensive fashion (insecurity, incompetence, digital transformation, disinformation threats) is that it creates the conditions for the appropriate reflection on important new ethical questions (especially privacy, but also worker values) that are raised afresh in the information age. The paper imagines how a process of radical adjustment to the social and systemic influences of security in cyberspace might be undertaken to deliver more viable social cyber ecosystems that can match escalating novel threats, while more effectively exploiting the untapped potential of the technology-driven information revolution, still in its early stages.