Victim-shaming in Cybersecurity

Effi Lipsman is our sales leader at IntelliGO. His job involves putting the needs of clients and prospective clients first, every day. He often deals with people and companies impacted firsthand by cybersecurity threats, like malware, ransomware, and other cybersecurity incidents.

It wasn’t long ago that I wrote about how we, as a society, need to pay more attention to cyber-threats. An underpinning of such societal change is good communication: dialog that enhances visibility into the problem. Just call me a “social engineer” 😉. But there is a problem with the type of communication that is happening now, about cyber-breaches. Specifically, it is the assumption that companies who get hacked, or the people who work at them, are solely responsible for that situation, and perhaps even brought it upon themselves. People proclaim guilt, or negligence, or even incompetence when breaches happen to companies. I state that because small and medium-sized businesses are so afflicted by such “bad press” and public reaction, that people are reluctant to talk about it when it does happen. This means discussions of best practices, motivations towards societal change, and all of the ‘learnings’ we are supposed to gain can be lost.

In this post, I discuss whether victim-blaming is appropriate (spoiler alert, it’s not), explore the argument around why, and suggest how we can prevent this from continuing. Because, as we have seen, the data breaches are not going to stop, so let’s handle them better when they happen. Let’s evoke some positive change here, people!

I am reluctant to call out specific instances of victim-blaming in high-profile cybersecurity incidents to avoid duplicity.  But we’ve all seen it (countless times).  It’s the typical sales presentation by cybersecurity vendors that emphasizes the notable breaches; it’s the social media posts where my peers (and sometimes (Read more...)