Do Cultural Differences Account for Global Gap in Online Regulation?

December 2, 2019

Differences in cultural values have led some countries to tackle cyber attacks with increased internet regulation, while others have taken a ‘hands-off’ approach to online security, says a research report.

"Internet users gravitate towards one of two ‘poles’ of social values. Risk-taking users are found in ‘competitive’ national cultures prompting heavy regulation, while web users in ‘co-operative’ nations exhibit less risky behavior requiring lighter regulation," says the study.

Researchers at the University of Birmingham used cultural value measurements from 74 countries to predict the Global Cybersecurity Index (GCI), which measures state commitments of countries to cybersecurity regulation. The report, ‘Using human values-based approach to understand cross-cultural commitment toward regulation and governance of cybersecurity’ by Dr. Alexander Kharlamov, from Birmingham Law School and Professor Ganna Pogrebna, from Birmingham Business School, is published by Regulation & Governance.

In the study, Dr. Kharlamov and Professor Pogrebna demonstrated that differences in cybersecurity regulation, measured by GCI, stem from cross-cultural differences in human values between countries, says an University of Birmingham press release. They also showed how cultural values mapped onto national commitments to regulate and govern cybersecurity.

In China, where people are more risk taking than American and British web users across five categories of risk behaviors, regulation is far stricter than in the USA, which in turn is tighter than the UK, says the University of Birmingham. Dr. Kharlamov and Professor Pogrebna showed that this corresponded to the countries’ relative positions on the cultural value scale, with China closer to ‘competitive’ than the USA, which in turn is closer to this ‘pole’ than the UK.

Dr. Kharlamov commented, “We spend most of our lives in the digital domain and cyber attacks not only lead to a significant financial damage, but also cause prolonged psychological harm - using social engineering techniques to trick people into doing something they otherwise would not want to do. Irresponsible use of digital technologies, such as the Cambridge Analytica case, cause harm to many citizens and tell us that Internet regulation is imminent. It is vital to understand the origins of human behavior online, as well as values and behavioral patterns.”

The five categories of risk behavior - cybersecurity, personal data, privacy, cybercrime and negligence – each consisted of six behavioral examples such as:

Not using anti-virus or antimalware protection (cybersecurity)
Providing private information, such as your email address, to obtain free WiFi in public places such as coffee shops, airports and train stations (personal data)
Linking multiple social media accounts such as Twitter, Facebook and Instagram (Privacy)
Using insecure connections or free WiFi (Cybercrime)
Letting web browsers remember passwords (Negligence)

Professor Ganna Pogrebna said, “Culture shapes the way we govern cyber spaces. Human values lie at the core of the human risk‐taking behavior in the digital space, which, in turn has a direct impact on the way in which digital domain is regulated. We talk about establishing overarching international online regulation, such as a new International Convention of Human Digital Rights. Yet, it seems the main reason why the international community fails to agree on such regulation has deep cultural underpinning.”

GCI is produced by the International Telecommunications Union and assesses each country’s engagement with cybersecurity regulatory processes in five areas: Legal, Technical, Organizational, Capacity Building and Co-operation. The research paper can be found at: https://onlinelibrary.wiley.com/doi/epdf/10.1111/rego.12281

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Do Cultural Differences Account for Global Gap in Online Regulation?

Related Articles

Related Events

Report Abusive Comment