Most of the reports published by the cybersecurity industry focus on high-profit financial espionage and on hacking by state-funded groups. However, they fail to emphasize the threats facing civil society. As a result, they do not present an accurate picture of the threats that emerge in cyberspace.
In an article published in the Journal of Information Technology & Politics, a group of academics, made up of some of the biggest names in the cybersecurity and Internet fields, analyzed 700 cybersecurity reports published between 2009 and 2019. The reports collected by the academics come from two types of sources: commercial threat intelligence vendors (629 reports) and independent research centers (71 reports). In addition, the team examined data from AccessNow, a digital rights advocacy team, to understand the real digital threats.
The research team, which includes, among others, Lennart Maschmeyer, Ronald J. Deibert and Jon R. Lindsay, found that only 82 of the 629 reports, or about 13%, focused on a threat to civil society. Of these 82 reports, only 22 focused on threats to civil society, while the remaining 607 focused on hacking cyber-gangs, such as APT groups.
In contrast, most cybersecurity reports produced by independent research centers focused on threats to civil society. According to Maschmeyer, Deibert and Lindsay, this is because cybersecurity companies are guided by their own lines, and the reports they issue serve a variety of purposes, such as advertising and other interests.
In other words, cybersecurity companies, chasing large enterprise customers and seeking government contracts, focus mainly on investigating cybercrime, financial espionage and the sabotage of critical infrastructure, while omitting threats to both individuals and society as a whole. High-level threats targeting high-profile individuals are given priority, while threats against civil society organizations, which do not have the resources to pay for their defense, tend to be ignored and completely excluded from such reports. Thus, those who need more accurate information about the threats but receive insufficient information are left exposed to such risks.
In addition, according to the researchers, because cybersecurity companies are behind the majority of reports, this situation creates a bias in reporting, which may affect the perception of both policymakers and researchers and may have long-term implications for government policies, a state's national defense strategies, and academic work.
The best example of this theory, which the researchers published in June, is the 2016 US presidential election. US cybersecurity officials expected national government entities to hack the campaigns, which they did, but most of the real damage was done through social media campaigns targeting civil society. These influence campaigns, behind which Russians were hiding, focused on both individuals and society, surprising most researchers and policymakers. This did not correspond to the prevailing threat models, which focus on critical infrastructure disruption and large-scale digital espionage.