The nature of society: Are certain cultures less predisposed to cyberthreats than others? An examination using the example of Germany

Abstract

Successful ransomware attacks and thefts of data and passwords have unequivocally demonstrated that technical defensive measures are to be considered as merely basic moves in the protection against cyberattacks, and that security concepts, if to be effective, must take ever greater account of the human factor. Several examples prove that attack vectors which belong to the area of ‘social engineering’ are menacingly successful. Employees of enterprises, especially SMEs, frequently underestimate their importance when assessing security risks and the defence against them. As a consequence of these findings, a company-wide risk management should respect cultural and psychological peculiarities. Another promising approach are AI-based concepts, both as a technical defence against cyberthreats and in respect of processes specific to the company, as well as culture-specific characteristics of its employees. Both approaches are based on understanding human behaviour in its sociocultural context. Within the scope of this paper, this cultural aspect of cyber security is examined with regard to whether certain cultures may be less predisposed to cyberthreats than others. This is analysed using the example of Germany and also considers the question whether more or less authoritarian company cultures play a role in this context. How can phenomena such as German angst and similar cultural peculiarities be adequately taken into account? The remarks are mainly targeted at an audience which is concerned with organisational and technical countermeasures again cyberthreats. They focus on the importance of incorporating findings from psychology and social sciences when designing and realising such measures.