Cyber security and the Leviathan

TL;DR

This paper explores how cyber security functions in businesses reflect Hobbesian ideas, highlighting their role in normalizing surveillance and supporting state-like control within society.

Contribution

It applies Hobbes' Leviathan framework to analyze cyber security practices, offering a novel philosophical perspective on their societal implications.

Findings

Cyber security practices exhibit Hobbesian features like surveillance.

These practices support state-like control and normalization of intrusive measures.

They stimulate consumption and reinforce societal power structures.

Abstract

Dedicated cyber-security functions are common in commercial businesses, who are confronted by evolving and pervasive threats of data breaches and other perilous security events. Such businesses are enmeshed with the wider societies in which they operate. Using data gathered from in-depth, semi-structured interviews with 15 Chief Information Security Officers, as well as six senior organisational leaders, we show that the work of political philosopher Thomas Hobbes, particularly Leviathan, offers a useful lens through which to understand the context of these functions and of cyber security in Western society. Our findings indicate that cyber security within these businesses demonstrates a number of Hobbesian features that are further implicated in, and provide significant benefits to, the wider Leviathan-esque state. These include the normalisation of intrusive controls, such as surveillance, and the stimulation of consumption. We conclude by suggesting implications for cyber-security practitioners, in particular, the reflexivity that these perspectives offer, as well as for businesses and other researchers.