A stakeholder is an individual impacted by a corporation’s activities, in contrast to a shareholder, who is a part owner of the corporation. The term originated from Ian Mitroff’s book “Stakeholders of the Organizational Mind” and broadens the idea of corporate responsibility in relation to society. Business-focused corporations are created to produce profits for the owners or shareholders from the creation of goods or services. The stakeholder is a concept used to explore the ethical relationship between the corporation and society (Mitroff, 1983, pp. 131-132). Stakeholders fall into two categories: internal, such as employees or executives, and external, which could include customers, suppliers, neighbors, or the government.
Cybersecurity is a business process and, like any other business process, has a finite budget. A yearly budget can range from thousands to millions of dollars depending on the size of the network and the strength of security requirements, with (hopefully) an increase in spending leading to an increased security level. The security level requirement depends on the sensitivity of the data held and the impact of a data breach on the operations and profits of the corporation. The ethics of stakeholder theory require that the impact of the data breach also be examined relative to the interests of the stakeholders. Equifax’s enormous data breach didn’t impact its operational readiness, but it did have a wide-ranging impact on the individuals whose private financial records were leaked (Mathews, 2017). Equifax didn’t spend enough resources on data security. Ethically, a corporation must spend sufficient resources to protect the private data of all stakeholders.
Social contract theory assigns corporations, as members of the community, a moral obligation to protect the private data of their stakeholders (Moir, 2001, p. 16). The corporation may hold internal stakeholder data such as employee records, or external stakeholder data such as customer financial data or vendor records. The higher the privacy needs of the data, the more stringent the data security requirements and the more resources the corporation needs to budget. While there is a correlation between high security and the cost of solutions, a large financial expenditure doesn’t necessarily mean a secure data infrastructure. The cybersecurity budget must be balanced between profitability and social responsibility.
Ethical issues arise in the cybersecurity field when competing moral interests conflict. The following are examples of such conflicts.
- A business has the right and need for access to the data stored on its networks, and this can conflict directly with the employees’ right to privacy and freedom from surveillance. Many data security solutions examine all data flowing across the network for malicious behavior, and Data Loss Prevention solutions examine all outgoing emails and data files (Wüchner & Pretschner, 2012, p. 3). The dilemma is balancing the employee’s right to privacy and the corporation’s need for control and security.
- The emerging trend of BYOD, or ‘bring your own device’, is the use of employee-owned devices such as smartphones for corporate business. It’s convenient for employees because they need to carry only a single device, but it requires corporate-controlled software to be installed on the phone. The dilemma arises when the corporate-owned data on the employee-owned phone is stored alongside the employee’s private personal data (Miller, Voas, & Hurlburt, 2012, p. 55). John in IT can download a complete backup image of Rachel’s iPhone, which would give him access to all her personal contacts, emails, and texts. (John is an ethical professional and he would never do this, even though Rachel is his ex-wife.) Security solutions should have controls that remove the possibility of impropriety and so avoid baseless accusations.
- A classical ethical dilemma that may predate written history is the conflict between an individual’s right to privacy and the government’s need for knowledge for national security and criminal prosecution. In the cyber world, this question is about encryption and the government’s right to break it or to require a corporation to build backdoors into cipher systems. The FBI’s attempt to pressure Apple into creating a backdoor to its iOS iPhone operating system was a typical example (Nakashima, 2016).
References
Mathews, L. (2017). Equifax Data Breach Impacts 143 Million Americans. Forbes. Last modified September 7.
Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. IT Professional, 14(5), 53-55.
Mitroff, I. I. (1983). Stakeholders of the organizational mind. Jossey-Bass Inc Pub.
Moir, L. (2001). What do we mean by corporate social responsibility? Corporate Governance: The international journal of business in society, 1(2), 16-22.
Nakashima, E. (2016). Apple vows to resist FBI demand to crack iPhone linked to San Bernardino attacks. Washington Post.
Wüchner, T., & Pretschner, A. (2012). Data loss prevention based on data-driven usage control. Paper presented at the 2012 IEEE 23rd International Symposium on Software Reliability Engineering (ISSRE).