Ethics in cybersecurity research and practice

Kevin Macnish*, Jeroen van der Ham

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

5 Citations (Scopus)
158 Downloads (Pure)


This paper critiques existing governance in cyber-security ethics through providing an overview of some of the ethical issues facing researchers in the cybersecurity community and highlighting shortfalls in governance practice. We separate these issues into those facing the academic research community and those facing the (corporate) practitioner community, drawing on two case studies. While there is overlap between these communities, there are also stark differences. Academic researchers can often rely on research ethics boards (REBs) to provide ethical oversight and governance which are typically unavailable to the practitioner community. However, we argue that even within the academic community the constitution of REBs is such that they may be (and in some cases at least are) unable to offer sound advice. Our recommendations are that ethics should be taught in far greater depth on computer science courses than is currently the case, and that codes of conduct should be developed and deployed provided they can be seen to be effective. In tandem with these, an active discussion regarding the ethics of cybersecurity and cybersecurity research is urgently needed.

Original languageEnglish
Article number101382
JournalTechnology in society
Early online date9 Sep 2020
Publication statusPublished - 1 Nov 2020


  • Cybersecurity
  • Discrimination
  • Ethics
  • IRB
  • Personal data
  • Privacy
  • Research
  • Trust


Dive into the research topics of 'Ethics in cybersecurity research and practice'. Together they form a unique fingerprint.

Cite this