From compliance to security, responsibility beyond law

In this opinion piece, I advocate for the adoption of a care-based stakeholder approach in cybersecurity for companies. With the ever-increasing digitization of all aspects of life, companies are struggling to keep themselves and their customers secure. This is, at least in part, due to their focus on compliance to standards and regulations, they fall victim to a checkbox-mentality where compliance instead of security is seen as the goal. This strong focus on compliance creates security blind-spots and the negative impact it has on security is strengthened by the pacing problem - where technology evolves faster than the law. Thus, leaving a gap where there is a lack of legislation and enforcement for new technologies. In this opinion piece I argue that the responsibility for cybersecurity should be shared by governments and companies. To give companies the tools they need for ethical decision-making and thus truly take responsibility, I suggest combining the ethics of care with stakeholder theory to provide a context-based relational view of companies. With this caring stakeholder model, companies have the tools they need to transition from compliance to security.

Automated summary

This opinion piece advocates for a care-based stakeholder approach in cybersecurity, emphasizing the shared responsibility and providing tools for companies to transition from compliance to genuine security.