Full Text

1. Introduction

It is clear from newspaper reports, academic articles, security-related conference proceedings and many other studies that cyber space, and specifically cybersecurity, is a topic currently attracting considerable interest and attention over a wide spectrum of stakeholders. It is a topic growing in importance and significance month by month, with ever-expanding consequences and impact. The stakeholders cover the full spectrum – from the ordinary citizen accessing his or her online banking site – to the boards of directors (BoDs) of companies. Such boards are realizing more and more that protecting their respective companies in cyber space is a definite corporate governance responsibility, and consequently they are accountable for the related cyber risks in their companies, together with the associated subsequent legal implications for possible negligence and/or ignorance.

These concerns about cyber-related risks have, however, resulted in many people, including the suppliers of security solutions, who want to sell their solutions, to make cybersecurity a hype term. In doing so, they use it as an all-inclusive term for all the aspects related to security, often riding on the “cyber fears” of users and executive management. Different definitions and explanations for cybersecurity are given, as the situation requires, and statements like the following are used widely in relation to the cyber field:

• cybersecurity is actually the same as information security;

• information security is a part of cybersecurity;

• some cybersecurity attacks have nothing to do with information and/or the data; and

• information security is actually obsolete, and cybersecurity is now the all-inclusive term, replacing information security.

Taking the abovementioned into account, various different interpretations, as seen below, exist about precisely what cybersecurity includes, or does not include.

According to Martin and Rice (2011), several recent studies have found that technology is increasingly used to “cause embarrassment, to invoke harassment and violence, and to inflict psychological harm.” Based on this supposition, Von Solms and Van Niekerk (2013) argued that, where technology uses cyber space, consequential harm forms an inescapable part of cybersecurity. Thus, information security and cybersecurity overlap partially, with the consequential harm forming part of cybersecurity, but not information security. More recently, cyber harm has been established as a separate, independent field of study, which is not classified as a component of cybersecurity.

Eva Ignatuschtschenko (2016) states...