Differences in cultural values have led some countries to tackle cyber attacks with increased internet regulation, while others have taken a ‘hands-off’ approach to online security, says a research report. 

"Internet users gravitate towards one of two ‘poles’ of social values. Risk-taking users are found in ‘competitive’ national cultures prompting heavy regulation, while web users in ‘co-operative’ nations exhibit less risky behavior requiring lighter regulation," says the study. 

Researchers at the University of Birmingham used cultural value measurements from 74 countries to predict the Global Cybersecurity Index (GCI), which measures state commitments of countries to cybersecurity regulation. The report,  ‘Using human values-based approach to understand cross-cultural commitment toward regulation and governance of cybersecurity’ by Dr. Alexander Kharlamov, from Birmingham Law School and Professor Ganna Pogrebna, from Birmingham Business School, is published by Regulation & Governance.

In the study, Dr. Kharlamov and Professor Pogrebna demonstrated that differences in cybersecurity regulation, measured by GCI, stem from cross-cultural differences in human values between countries, says an University of Birmingham press release. They also showed how cultural values mapped onto national commitments to regulate and govern cybersecurity.

In China, where people are more risk taking than American and British web users across five categories of risk behaviors, regulation is far stricter than in the USA, which in turn is tighter than the UK, says the University of Birmingham. Dr. Kharlamov and Professor Pogrebna showed that this corresponded to the countries’ relative positions on the cultural value scale, with China closer to ‘competitive’ than the USA, which in turn is closer to this ‘pole’ than the UK.

Dr. Kharlamov commented, “We spend most of our lives in the digital domain and cyber attacks not only lead to a significant financial damage, but also cause prolonged psychological harm - using social engineering techniques to trick people into doing something they otherwise would not want to do. Irresponsible use of digital technologies, such as the Cambridge Analytica case, cause harm to many citizens and tell us that Internet regulation is imminent. It is vital to understand the origins of human behavior online, as well as values and behavioral patterns.”

The five categories of risk behavior - cybersecurity, personal data, privacy, cybercrime and negligence – each consisted of six behavioral examples such as:

• Not using anti-virus or antimalware protection (cybersecurity)
• Providing private information, such as your email address, to obtain free WiFi in public places such as coffee shops, airports and train stations (personal data)
• Linking multiple social media accounts such as Twitter, Facebook and Instagram (Privacy)
• Using insecure connections or free WiFi (Cybercrime)
• Letting web browsers remember passwords (Negligence)

Professor Ganna Pogrebna said, “Culture shapes the way we govern cyber spaces. Human values lie at the core of the human risk‐taking behavior in the digital space, which, in turn has a direct impact on the way in which digital domain is regulated. We talk about establishing overarching international online regulation, such as a new International Convention of Human Digital Rights. Yet, it seems the main reason why the international community fails to agree on such regulation has deep cultural underpinning.”

GCI is produced by the International Telecommunications Union and assesses each country’s engagement with cybersecurity regulatory processes in five areas: Legal, Technical, Organizational, Capacity Building and Co-operation. The research paper can be found at: https://onlinelibrary.wiley.com/doi/epdf/10.1111/rego.12281