Words have meaning. When I was writing policies, it was imperative that ‘shall’, ‘will’, ‘may’ and ‘must’ be used correctly. The significance of a statement is dependent upon the word selected. With this in mind, it may be time to consider promoting ‘cyber safety’ instead of ‘cybersecurity.’ This is something I contemplate because I, personally, prefer thinking in terms of safety. Sometimes, just using the term ‘security’ can be off-putting. Attaching ‘cyber’ to ‘security’ can scare people who have learned skepticism about technology. The apparently never-ending flow of news stories on breaches, ransomware and identity theft creates anxiety. The attempted poisoning of the water supply in Oldsmar, Florida, by means of a cyberattack is a recent example.
What’s the Difference?
Words used as often as ‘security’ and ‘safety’ should have well-understood definitions; this might not be the case. Both words are associated with being free from harm. However, sometimes the distinction is made between protection from intentional events (security) and accidental hazards (safety). To understand exactly how the two words relate requires a deep dive into the words’ definitions.
Merriam-Webster defines security as “freedom from fear or anxiety,” while safety means “the condition of being safe from undergoing or causing hurt, injury, or loss.” The definition of ‘safe’ is “free from harm or risk.” Thus, ‘safe’ and ‘security’ have some similar characteristics. There are additional meanings, especially for ‘security,’ which can change the perception of the word. An alternative definition is, “measures taken to guard against crime or attack.” This last meaning is where the difference between the two words is most stark.
Security Deals With the ‘How?’
The concept of ‘security’ is to take actions required to create a secure environment. Security is about how to protect yourself and others from threats. In the cyber world, this relates to the acquisition and operation of myriad security solutions and controls. The wide range of needs is represented in all the different forms of protection, such as data security, computer security, device security and network security.
Safety Deals With the ‘Why?’
‘Safety’ is about existing in a risk-free condition. People want to avoid trouble, pain and loss. These are the needs that motivate people to be safe. Being safe allows you to conduct business online, to interact with others, have private communications and live your life without fear. Safety is the stimulant for positive behaviors.
Two Sides of the Same Coin
I enjoy classic stories. It is amazing to me that these tales, some of which are over two thousand years old, still resonate. One of my favorites is the Sword of Damocles, as told by the Roman philosopher Cicero. Damocles was awed by and envied the power and wealth of the king; the monarch decided to show Damocles the reality of his life. Vast luxuries were made available to Damocles as the guest of honor at a grand party. However, precariously suspended above the sycophant’s head was a razor-sharp sword. Damocles, apparently not being a brave or ambitious man, decided to retreat, and refused everything the king had to offer.
There are various interpretations of the lesson of this allegory. I find it useful as a way to represent how security and safety are closely related. On the security side, the sword is a threat to be avoided. Removing or mitigating the threat that is hanging over your head illustrates the value of safety. Ultimately, Damocles chose safety over insecurity.
The reality is that security and safety are two sides of the same coin. One is about actions you need to take to be secure (e.g. get out from under the sword) and the other is your ultimate goal, which is to be safe from situations that cause harm, injury or loss. It is hard to achieve safety if you do not practice some level of security. Security is effective when you know what it means to be safe.
Talking about Cyber Safety
Connecting cybersecurity and computer safety is not new. The positioning is a prominent feature of marketing security to consumers. Many consumer security companies emphasize how their security software helps people remain safe when surfing the internet, for example. The security of your computer can affect the safety of your online experience. The Cybersecurity & Infrastructure Security Agency (CISA) includes Cyber Safety as a subcategory under Cybersecurity.
Discussing cyber safety is much less popular with enterprises. Instead, the focus tends to be on how assets are going to be secured and much less on why they need to be kept safe. However, organizations need to start treating cybersecurity as a safety issue.
The definitions are similar, but it is the emphasis that creates a distinction. Safety is what we are striving for; the term should have greater prominence. Let’s talk less about how we deploy security features, and more about why safety is valuable and desirable. People need to understand the benefits of cyber safety so they, like Damocles, select activities that foster safety.