Vladimir Gerasimov - stock.adobe

Chinese web users take more risks than Brits or Americans

A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation

People from more competitive cultures, such as China, tend to indulge in riskier behaviours online, prompting their national governments to enact more stringent security regulations, as opposed to people from more cooperative cultures, who take fewer risks resulting in lighter-touch oversight, according to an academic report

Web users in a total of 74 countries were studied by researchers at the University of Birmingham, who used cultural value measurements from the Schwartz Value Survey to predict the International Telecommunications Union’s Global Cyber Security Index (GCI), which measures state commitments of countries to security regulation.

The research was led by Birmingham Law School’s Alex Kharlamov and Birmingham Business School’s Ganna Pogrebna, who have published their findings, Using human values-based approach to understand cross-cultural commitment toward regulation and governance of cyber security.

Kharlamov and Pogrebna demonstrated that differences in cyber security regulation as shown by the GCI stemmed from cross-cultural difference in values between countries, and how cultural values map closely to national commitments to regulate security.

“We spend most of our lives in the digital domain, and cyber attacks not only lead to a significant financial damage, but also cause prolonged psychological harm – using social engineering techniques to trick people into doing something they otherwise would not want to do,” said Kharlamov.

“Irresponsible use of digital technologies, such as the Cambridge Analytica case, cause harm to many citizens and tell us that internet regulation is imminent. It is vital to understand the origins of human behaviour online, as well as values and behavioural patterns.”

Kharlamov and Pogrebna highlighted the relative positions of China, the US and the UK, all of which sit relatively close to the competitive pole.

They found that in China, people were more likely to not use antivirus or anti-malware services; to provide personal information to get free Wi-Fi access at public hotspots; to link multiple social media accounts; to use insecure Wi-Fi connections; and to allow web browsers to remember their passwords.

This mapped to China’s regulatory environment, which is extremely strict. In the US, where people are less inclined to indulge in behaviours that put them at risk online, there is less regulation, but it is still stricter than in the UK, where risk-taking was even lower.

In countries lying closer to the cooperative pole attitude to risk-taking in cyber space was more likely to be “guided by constructs of collective nature” and the regulatory environment was found to be correspondingly less strict because people expect societal instruments or pressures to act in its stead. These countries included multiple African states, such as Cameroon, Egypt and Ethiopia.

Pogrebna said: “Culture shapes the way we govern cyber spaces. Human values lie at the core of the human risk‐taking behaviour in the digital space, which, in turn, has a direct impact on the way in which digital domain is regulated.

“We talk about establishing overarching international online regulation, such as a new International Convention of Human Digital Rights. Yet, it seems the main reason why the international community fails to agree on such regulation has deep cultural underpinning.”

Read more about security regulation

  • UK cyber security agency is urging citizens to improve online safety and password security after research reveals most-hacked passwords and a survey exposes gaps in online security.
  • Proposed controversial online age verification checks could increase the risk of identity theft and other cyber crimes, warn security experts.
  • New and old IoT regulations create a maze of rules and best practices that organisations must navigate to become more transparent about their IoT security practices.

Read more on Security policy and user awareness