Fear appeals are used in many domains. Cybersecurity researchers are also starting to experiment with fear appeals, many reporting positive outcomes. Yet there are ethical concerns related to the use of fear to motivate action. In this paper, we explore this aspect from the perspectives of cybersecurity fear appeal deployers and recipients. We commenced our investigation by considering fear appeals from three foundational ethical perspectives. We then consulted the two stakeholder groups to gain insights into the ethical concerns they consider to be pertinent. We first consulted deployers: (a) fear appeal researchers and (b) Chief Information Security Officers (CISOs), and then potential cybersecurity fear appeal recipients: members of a crowdsourcing platform. We used their responses to develop an effects-reasoning matrix, identifying the potential benefits and detriments of cybersecurity fear appeals for all stakeholders. Using these insights, we derived six ethical principles to guide cybersecurity fear appeal deployment. We then evaluated a snapshot of cybersecurity studies using the ethical principle lens. Our contribution is, first, a list of potential detriments that could result from the deployment of cybersecurity fear appeals and second, the set of six ethical principles to inform the deployment of such appeals. Both of these are intended to inform cybersecurity fear appeal design and deployment.

恐惧诉求在许多领域中都有使用。网络安全研究人员也开始尝试恐惧的吸引力，其中许多报告都取得了积极成果。然而，还有一些关于使用恐惧来激发行动的道德问题。在本文中，我们从网络安全恐惧吸引部署者和接受者的角度探讨这一方面。我们从三种基本的道德角度开始考虑恐惧诉求，从而开始了我们的调查。然后，我们咨询了两个利益相关者团体，以深入了解他们认为相关的道德问题。我们首先咨询了部署者：（a）恐惧呼吁研究人员和（b）首席信息安全官（CISO），然后是潜在的网络安全恐惧呼吁接受者：众包平台的成员。我们使用他们的回应来建立影响原因矩阵，确定所有利益相关者对网络安全恐惧的潜在利益和危害。利用这些见解，我们得出了六项道德原则来指导网络安全恐惧呼吁的部署。然后，我们使用道德原则视角评估了网络安全研究的概况。我们的贡献是，首先，列出了部署网络安全恐惧呼吁可能导致的潜在危害，其次，是为部署此类呼吁提供了六种道德原则。两者都是为了告知网络安全恐惧上诉设计和部署。