Bias in Commercial Cyber Threat Reporting and Distorted Threat Perceptions
Lennart Maschmeyer
2019 - present
This project traces bias in commercial cyber threat reporting to evaluate its impact on key actors in cyber conflict and distorts public perception. Commercial cyber threat reporting constitutes the largest and often only source of data on cyber conflict and shapes not only academic analyses, but also how potential victims and policy makers perceive the threats posed by cyber attacks and prioritize responses. Bias in reporting thus distorts public perception, but also causes a significant information asymmetry between those actors who can afford customized private reporting, and those who cannot—including some of the most vulnerable actors. To assess the presence of bias, this project builds a dataset of all available public reporting by commercial cyber threat intelligence vendors to examine how business interests cause selection bias in what gets reported publicly and what does not. Having published findings of the initial analysis of all public reporting by the commercial threat intelligence sectors, the second and current stage of this project proceeds—in collaboration with Xander Bouwman (TU Delft)—with a structured comparison of publicly available reporting and private reporting reserved to paid customers by the same vendors.
Publications: