From compliance to security, responsibility beyond law
Computer Law & Security Review (IF 2.707), Pub Date: 2023-11-22, DOI: 10.1016/j.clsr.2023.105926
Jasmijn Boeken

In this opinion piece, I advocate for the adoption of a care-based stakeholder approach in cybersecurity for companies. With the ever-increasing digitization of all aspects of life, companies are struggling to keep themselves and their customers secure. This is, at least in part, due to their focus on compliance with standards and regulations: they fall victim to a checkbox mentality in which compliance, instead of security, is seen as the goal. This strong focus on compliance creates security blind spots, and the negative impact it has on security is strengthened by the “pacing problem”, where technology evolves faster than the law, leaving a gap where there is a lack of legislation and enforcement for new technologies. In this opinion piece, I argue that the responsibility for cybersecurity should be shared by governments and companies. To give companies the tools they need for ethical decision-making and thus truly take responsibility, I suggest combining the ethics of care with stakeholder theory to provide a context-based relational view of companies. With this caring stakeholder model, companies have the tools they need to transition from compliance to security.




Updated: 2023-11-23