Global Security, Privacy, & Risk Management

“Failed State of Security” Part II; Cybercrime Victim Blaming May 18, 2014

I am proud to release another research brief that is Part II of my “Failed State of Security” series in which I discuss and analyze victim blaming in the context of data security.  In 2012 I published a research brief titled “A Failed State of Security: A Rational Analysis of Deterrence Theory and The Effect on CyberCrime.” in which I discussed the failing of law enforcement, and cybersecurity to deter cyber events and discussed the theory of deterrence and the need for deterrence within cybersecurity.  You can download the article on IDGA’s website or on my own website here.  This paper is part II of the “Failed State of Security” series.  Started after the Target data breach, this topic is one that has always been close to me.  In April 2009 I wrote an article titled “Lessons from the Heartland Breach” which was published as the cover story by TransactionWorld magazine.

Victim blaming is common in sexual assault, as well as other types of crimes.  A quick Internet search will demonstrate scores of instances in which the victim of a violent is blamed for being victimized.   When we include a large, corporate entity it becomes easier to point the accusatory finger at the organization.  Whether due to Schadenfreude or some other reason, people want to blame companies that are victimized by hackers.  Did the company “cause” the breach?  Were they somehow complicit in the attack?  What do we mean when we say “cause”?  What is a causal fallacy?  These, and many more topics, are discussed in Part II of the “Failed State of Security” series.  I invite you to download “Failed State of Security Part II”; Victim Blaming in Cybercrime.  As always, I welcome any comments or debate on the topic…