The stakeholder is a term for an individual impacted by a corporation’s activities, and is in contrast to the idea of shareholder, which is a part owner of the corporation. It originated from Ian Mitroff’s book “Stakeholders of the Organizational Mind” and broadens the idea of corporate responsibility in relation to society. Business focused corporations are created to produce profits for the owners or shareholders from the creation of goods or services. The stakeholder is a concept used to explore the ethical relationship between the corporation and society. Stakeholders fall into two categories, internal such as employees or executives, and external which could include customers, suppliers, neighbors, or the government.
Cybersecurity is a business process and like any other business process, has a finite budget. The yearly budget can range from $0 to millions of dollars with (hopefully) an increase in spending leading to and increased security level. The security level needed is dependent on the data held and the impact of a breach of a data breach on the operations and profits of the corporation. Ethics of stakeholder theory requires that the impact of the data breach be examined also relative to the interests of the stakeholders. Experian’s enormous data breach didn’t impact its operational readiness, but did have wide ranging impact on the people with leaked private financial records. Experian didn’t spend enough resources on data security. Ethically, a corporation must spend sufficient resources to protect the private data of all stakeholders.
Social contract theory assigns corporations, as members of the community, a moral obligation to protect the private data of its stakeholders. The corporation may hold internal stakeholder data such as employee records, or external stakeholder data such as customer financial data or vendor records. The higher the privacy needs of data, the more stringent the data security requirements and the more resources needed to be budgeted by the corporation. While there is a correlation between high security and cost of solutions, a large financial expenditure doesn’t necessarily mean a secure data infrastructure. The cybersecurity budget must be balanced between profitability and social responsibility.