A study of 1,504 Australians has found customers feel left out of the debate on cyber attacks, data security, and have low confidence in national efforts to keep pace with threats.
The study analysed the responses of Australian focus groups surveyed in 2020 to investigate sentiments on institutional trust, understanding of resilience, digital literacy and perceptions of cyber threats.
Research co-author associate professor Robert Manwaring said the findings highlighted the gap between citizens’ knowledge and engagement and the broad response to cyber threats from top-down, technocratic and elite-driven agencies.
“There’s generally little meaningful strategic effort to engage citizens in government-led responses, overlooking what’s often called the ‘social layer’ of cybersecurity,” he explained.
“We need to encourage a genuinely whole-of-society approach — something which like Sweden and Finland are making considerable inroads.”
The research, supported by a strategy policy grant from the Department of Defence, showed that even prior to the recent hacking scandals of Optus and Medibank Private customer databases that citizen confidence in the government’s ability to address cyber interference in the country’s economy, politics or society was low.
Six focus groups comprising 62 citizens from South Australia, Victoria and NSW were surveyed for the paper. Participants were asked to identify the biggest internal and external threats to Australia’s democracy, with respondents commonly identifying issues regarding integrity.
Other threats identified by respondents included a reduction of civic freedoms, growing public apathy and inequality (operating against the backdrop of a perceived context of ineffectual (and/or biased) media), big-business lobbying, and increasing polarisation. Social media and technology were also themes often linked to threats.
In addition to low confidence in the public sector and corporate cyber security capability, the respondents reported low trust in established processes.
According to Flinders University’s Dr Josh Holloway, poor experiences using online services informed citizen concerns about the government’s technological capabilities.
“Quite reasonably, [respondents] tended to have little awareness of which public institutions and authorities are taking leadership in managing cyber threats and, collectively, expressed broad scepticism of social media and tech companies, media organisations, the federal government and public service generally,” Holloway said.
“They also showed doubts about investment in skills and commitments to cybersecurity among businesses.”
🚨New publication! Out now in Defence Studies, Rob Manwaring and I interrogate the increasingly popular 'resilience' response to cyber foreign interference, and explore oft-overlooked social, democratic, and citizen aspects.https://t.co/rVrUJEjoLL pic.twitter.com/hsNwXmjWiO
— Josh Holloway (@jmrholloway) October 20, 2022
The authors recommended the media play a bigger role informing the public at large and driving discourse about cyber threats. Manwaring said there was clearly scope for more nuanced, regular coverage about cyber risk issues that was less reactive or focused on “international spectacle”.
“Australians need to be informed of the reality of cyber risk, and given the tools and information to participate in strategic efforts to enhance Australia’s cyber resilience, rather than just hearing about the fallout of successful cyber-attacks,” the associate professor said.
The paper, ‘Resilience to cyber-enabled foreign interference: citizen understanding and threat perceptions‘. was published in the Defence Studies journal last week.
:
Any feedback or news tips? Here’s where to contact the relevant team.