Scoping the ethical principles of cybersecurity fear appeals
- PDF / 1,830,686 Bytes
- 20 Pages / 595.276 x 790.866 pts Page_size
- 20 Downloads / 187 Views
ORIGINAL PAPER
Scoping the ethical principles of cybersecurity fear appeals Marc Dupuis1 · Karen Renaud2
© The Author(s) 2020
Abstract Fear appeals are used in many domains. Cybersecurity researchers are also starting to experiment with fear appeals, many reporting positive outcomes. Yet there are ethical concerns related to the use of fear to motivate action. In this paper, we explore this aspect from the perspectives of cybersecurity fear appeal deployers and recipients. We commenced our investigation by considering fear appeals from three foundational ethical perspectives. We then consulted the two stakeholder groups to gain insights into the ethical concerns they consider to be pertinent. We first consulted deployers: (a) fear appeal researchers and (b) Chief Information Security Officers (CISOs), and then potential cybersecurity fear appeal recipients: members of a crowdsourcing platform. We used their responses to develop an effects-reasoning matrix, identifying the potential benefits and detriments of cybersecurity fear appeals for all stakeholders. Using these insights, we derived six ethical principles to guide cybersecurity fear appeal deployment. We then evaluated a snapshot of cybersecurity studies using the ethical principle lens. Our contribution is, first, a list of potential detriments that could result from the deployment of cybersecurity fear appeals and second, the set of six ethical principles to inform the deployment of such appeals. Both of these are intended to inform cybersecurity fear appeal design and deployment. Keywords Fear appeals · Cybersecurity · Ethics · Ethical principles
Introduction Fear is defined by Walton (2010, p. 178), as an emotion that moves people powerfully to action, and may tend to make them put more careful considerations of the complex features of a situation aside. A fear appeal usually packages some fear “trigger”, together with an action that the fear appeal designer wants the recipient to take. The consequence, so the theory goes, is that the fear appeal recipient will seek to reduce the negative emotion by taking the recommended action (Frijda et al. 1989). Fear appeals have spread from use in religion (Ragsdale and Durham 1986) (centuries) to a variety of other domains, including smoking (Hamilton et al. 2000), nuclear radiation * Marc Dupuis [email protected] Karen Renaud [email protected] 1
Computing and Software Systems, University of Washington, Box 358534, Bothell, WA 98011, USA
School of Design and Informatics, Abertay University, Bell Street, Dundee, Scotland DD1 1HG, UK
2
(Dillard 1994), alcohol abuse (Stainback and Rogers 1983) and, recently, cybersecurity1 (Johnston and Warkentin 2010; Johnston et al. 2015; Vance et al. 2013). Fear appeals are delivered via a variety of channels including, for example, on cigarette packets, in health practitioners’ waiting rooms and via a computer’s user interface (Fig. 12). While many advocate the use of fear appeals (Johnston and Warkentin 2010; Johnston et al. 2015; Vance et al. 2013; Beck 1984;
Data Loading...
