Blessed Are The Lawyers, For They Shall Inherit Cybersecurity

Daniel W Woods, Aaron Ceross

Research output: Chapter in Book/Report/Conference proceedingConference contribution


This paper considers which types of evidence guide cybersecurity decisions. We argue that the “InfoSec belongs to the quants” paradigm will not be realised despite its normative appeal. In terms of progress to date, we find few empirical results that can guide risk mitigation decisions. We suggest the knowledge base about quantitative cybersecurity is continually eroded by increasing complexity, technological flux, and strategic adversaries. Given these secular forces will not abate any time soon, we argue that legal reasoning will increasingly influence cybersecurity decisions relative to technical and quantitative reasoning. The law as a system of social control bristles with ambiguity and so legal mechanisms exist to resolve uncertainties over time. Actors with greater claims to authority over this knowledge base, predominantly lawyers, will accrue decision making power within organisations. We speculate about the downstream impacts of lawyers inheriting cybersecurity, and also sketch the limits of the paradigm’s explanatory power.
Original languageEnglish
Title of host publicationNew Security Paradigms Workshop
Place of PublicationNew York, NY, USA
PublisherAssociation for Computing Machinery, Inc
ISBN (Print)9781450385732
Publication statusPublished - 27 Dec 2021
EventNew Security Paradigms Workshop 2021 - Virtual Conference
Duration: 26 Oct 202128 Oct 2021

Publication series

NameNSPW '21
PublisherAssociation for Computing Machinery


ConferenceNew Security Paradigms Workshop 2021
Abbreviated titleNSPW 2021
Internet address


  • risk management
  • cybersecurity policy
  • philosophy of security
  • technology policy
  • lawyers
  • quantitative cybersecurity


Dive into the research topics of 'Blessed Are The Lawyers, For They Shall Inherit Cybersecurity'. Together they form a unique fingerprint.

Cite this