CYBERSECURITYConsumers Feel Left Out of Debates on Cyberattacks and Data Security

Published 28 November 2022

Illegal cyberattacks on thousands of citizens’ personal data in Australia have heightened awareness of the hazards of insecure digital systems, – and consumers want to play a more active role in building more resilient systems to reduce risks caused by hacking, online deception, bots and other threats.Illegal cyberattacks on thousands of citizens’ personal data in Australia have heightened awareness of the hazards of insecure digital systems, – and consumers want to play a more active role in building more resilient systems to reduce risks caused by hacking, online deception, bots and other threats.

Illegal cyberattacks on thousands of citizens’ personal data in Australia have heightened awareness of the hazards of insecure digital systems – and Flinders Universityresearchers say consumers want to play a more active role in building more resilient systems to reduce risks caused by hacking, online deception, bots and other threats.

Their study of a nationally representative sample of 1500 Australian citizens in 2020 – and focus groups comprising 62 people in three states – investigated attitudes to institutional trust, understanding of resilience, digital literacy and perceptions of cyberthreats.

Even before the escalation in recent cyber breaches of Optus and Medibank Private customer bases, citizens in the surveys were clearly not confident or optimistic that Australia is keeping pace with cyberthreats and interference in the country’s economy, politics or society.

“Not only are these citizens concerned about the technological capabilities of government – often citing poor experiences using online government services – but they also showed doubts about investment in skills and commitments to cybersecurity among businesses,” says Flinders University researcher Dr Josh Holloway.

“Quite reasonably, they tended to have little awareness of which public institutions and authorities are taking leadership in managing cyberthreats and, collectively, expressed broad skepticism of social media and tech companies, media organizations, the federal government and public service generally.”

While survey participants wanted more capability and responsibility from the public sector and corporations, their trust in this process was low.

The findings, published in the journal Defence Studies, highlights the gap between Australian citizens’ knowledge and engagement and the broad response to cyberthreats from top-down, technocratic and elite-driven agencies.

Co-author Associate Professor Robert Manwaring says Australian citizens’ confusion and lack of trust is not necessarily their fault.

“There’s generally little meaningful strategic effort to engage citizens in government-led responses, overlooking what’s often called the ‘social layer’ of cybersecurity,” says Associate Professor Manwaring. 

“We need to encourage a genuinely whole-of-society approach – something which like Sweden and Finland are making considerable inroads.”

The media also should play a greater role in informing the public and public debate around cyberthreats.

“There’s clear scope for more nuanced, regular coverage of cyber risks – and one that is less focused on international ‘spectacle’ and reactive coverage.

“Australians need to be informed of the reality of cyber risk, and given the tools and information to participate in strategic efforts to enhance Australia’s cyber resilience, rather than just hearing about the fallout of successful cyber-attacks.”