Thursday, December 21, 2017

Cybersecurity, risk perceptions, predictions and trends for 2018

A quick update on research into Americans' perception of risks related to digital technology, as well as some predictions for cybersecurity in 2018.

Risk perception and cybersecurity

Over the summer I conducted some research with my ESET colleague (@LysaMyers) on the topic of risk perception as it relates to hazards arising from the use of digital technologies, which can be termed "cyber risks" for short. Our goal was to better understand why different people see different levels of risk in a range of hazards, and why some people listen to experts when it comes to levels of risk, but others do not.

For the past few months we have been analyzing and reporting on this work. Several of our findings proved newsworthy, like the extent to which concerns about criminal hacking has permeated American culture. This was the subject of an ESET press release.

We also documented evidence of a phenomenon that others have dubbed the "White Male Effect" in risk perception. First documented in 1994 with respect to a range of hazards, you can see in in our 2017 survey results here:

You can see more results of our research in several formats, from long to short:
For background on the cultural theory of risk perception that we used in our research, I encourage you to check out Dan Kahan's papers at the Cultural Cognition Project at Yale Law School. Prof. Kahan was very helpful to us as we designed our survey instrument (which is available to anyone who would like to repeat the survey).

Cybersecurity trends and predictions

As usual, I participated in ESET's annual review of security trends, this year contributing a chapter on critical infrastructure hacks, new malware for which was discovered by my colleagues. The Trends report is available here:

Another annual ritual is my predictions webinar. A full recording of the December 2017 webinar that looks ahead to 2018 is available to watch on demand. Access is gated, but I think it is worth registering and should not result in a bunch of spam. Here is the agenda, click to access:

Note that regulatory risks was the top theme. And the regulation that tops them all is GDPR, the General Data Protection Regulation that comes into effect in May of 2018. I wrote about GDPR several times this year. In fact, the following article was my most widely read contribution to WeLiveSecurity in 2017:

Here's to all of us enjoying a safer year in 2018!