How attitudes to cybersecurity vary between countries


Will emerging economies ever see eye to eye with developed countries on cybersecurity? The Chinese president, Xi Jinping, seems to hope so. He recently visited the White House to talk cyber-co operation. The upshot was a tentative understanding that the countries would end state-sponsored cyberattacks (without ever admitting, of course, that either had engaged in any). The countries would also seek out “new international rules of the road for appropriate conduct in cyberspace,” they said.

This is all very promising, if for no other reason than that they’re at least acknowledging the issue, and have reached this point after a series of stops and starts. They face a difficult task, because international law is sketchy when it comes to governmental involvement in cyberspace.

After all, while terrestrial battlefields are well-travelled, newer ones are naturally less well understood. Governments have spent only the last half-century figuring out how to fold orbital space into their plans. With its even shorter lifespan, cyberspace really is the final frontier.

Attitudes to the Internet and the government’s role in it vary not just between leaders, but between populations. Recently, SecTor founder Bruce Cowper presented at the Vancouver Technology User Group (VanTug). His presentation, Cybersecurity Schmibersecurity, what do I care? highlighted the results of a multi-national survey on IT security issues.

Conducted by Microsoft, the 4500-person survey included around 7-800 people from each of various emerging markets, including all the countries in the BRIC nations (Brazil, Russia, India and China). It found entirely different attitudes in several areas, including how worried people should be about cyberattacks.

Data breach differences

One of the biggest contrasts between the BRIC nations and Canada was the level of concern over data breaches. In Canada, barely half of the respondents showed a high level of concern over breaches, and almost one in five showed no concern at all. In the BRIC, this trend reversed dramatically. In China, for example, 80% of respondents were highly concerned about having their data compromised.

Even Brazil, whose respondents had the least level of concern over data breaches within the BRIC, still topped Canada by a mile. Over six in every ten Brazilian respondents were deeply concerned about the issue.

This may explain why so many people in emerging markets wanted their government to play an active hand in protecting them. Around 45% of Canadians strongly agreed that their government should protect their computers from foreign espionage or military activity, but this number was once again topped by emerging economies, with India and China characteristically leading the BRIC. Over 60% of respondents in both these countries were eager to assign responsibility for this to the government.

Using the Internet as a weapon

BRIC respondents were similarly eager for their governments to be offensive, rather than simply defensive, in cyberspace. They were far more gung-ho than Canadians about governmental use of the Internet as a platform to gain advantage over others.

Almost six in ten Chinese respondents felt that the government should use the Internet to gain or maintain economic advantage over foreign nations. Only a quarter of Canadians felt the same way. The contrast was just as pronounced when looking at governmental use of the Internet for the military to the upper hand.

Leaders may agree in principle on cybersecurity issues, but after all the talks are completed and speeches given, there are cultural and economic hurdles to jump. We could postulate on why attitudes differ so widely between respondents in the BRIC countries and Canada. They are doubtless informed by a mixture of political, cultural, and economic history.

None of this necessarily means that Canadian companies should change their perspective and look to their government for the answer to their problems. But it does mean that they can learn a lot about their own cybersecurity stance by comparing their attitudes to other nations.

In particular, the fact that Canadians seem relatively sanguine about data breaches tells us something important. Our first task is clear. We should think a little more about the clear and present dangers facing our networks, because so far, we have not thought about it enough. Clearly, elsewhere in the world, people already are.

Interested in finding out more? Register at SecTor, which takes place at Metro Toronto Convention Centre in downtown Toronto on October 20-21, with a training day on October 19.