The university of tulsa Online Blog

Trending topics in the tu online community

Cyber Security

Cybersecurity Ethics: Why It’s Important

Written by: University of Tulsa   •  Dec 13, 2023

A cybersecurity professional in a server room consults a tablet.

According to the 2026 Cybersecurity Market Report, global cybersecurity spending will increase by 15% year-over-year, and is projected to exceed $1 trillion by 2031. 

As reliance on cybersecurity grows, so does the importance of cybersecurity ethics. Adhering to ethical principles differentiates those who help defend against harm from those who intend to inflict harm (such as hackers and perpetrators of ransomware attacks). Protecting the security and confidentiality of information and systems requires cybersecurity professionals to employ the highest standards of ethical practice.

Because they have extensive access to information and systems that affect the lives of almost everyone, professionals working in cybersecurity have a responsibility to keep ethics in mind with every action they take.

Individuals who aspire to work in cybersecurity and are considering enrolling in an online Master of Science in Cyber Security degree program can benefit from exploring how ethics informs the work of cybersecurity professionals. 

Ethical Principles of Cybersecurity

Cybersecurity gives rise to plenty of ethical considerations. The tenets of ethical practice in cybersecurity include:

  • Respecting people. Showing respect for individual rights encompasses ethical practices such as:

    • Maintaining the privacy and confidentiality of information

    • Operating on a basis of trust by, for example, being transparent about how information will be used

    • Following ethical data collection procedures, such as obtaining informed consent prior to collecting data

  • Ensuring justice. Examples of ethical practices related to ensuring justice include:

    • Avoiding bias in cybersecurity by, for example, promoting diversity on cybersecurity teams

    • Eliminating discrimination in cybersecurity algorithms

    • Removing discriminatory practices in profiling performed for the purposes of cybersecurity

  • Respecting the law and the public interest. Ethical practices that demonstrate this respect include practices such as:

    • Disclosing vulnerabilities and breaches

    • Responding to weaknesses in cybersecurity identified through processes such as audits

    • Properly managing conflicts of interest that arise in cybersecurity (for example, properly navigating the tension between the disclosure of vulnerabilities and the damage that disclosure can do to an organization’s reputation) 

Common Ethical Dilemmas in Cybersecurity

Cybersecurity professionals routinely face situations in which the right choice isn’t always obvious. These dilemmas often arise when security goals conflict with privacy, transparency, or organizational pressures. 

Common cybersecurity ethical dilemmas include the following:

  • Balancing privacy with monitoring needs. Security teams often rely on tools that track user behavior, network activity, or device use. The dilemma emerges when monitoring becomes so extensive that it risks infringing upon employee or customer privacy. Professionals must weigh the need for visibility against the obligation to respect personal boundaries.

  • Deciding when and how to disclose vulnerabilities. When vulnerabilities are discovered, organizations must choose between immediate disclosure (which protects the public but may expose them to risk) or delayed disclosure (which buys time to fix the issue but may leave others vulnerable). This tension between transparency and protection is one of the most debated ethical challenges in cybersecurity.

  • Using offensive security tactics responsibly. Techniques such as penetration testing (simulated cyberattacks that check for vulnerabilities) and red teaming (adopting hackers’ tactics) are essential for strengthening defenses, but they can cross ethical lines if not properly scoped. Activities such as social engineering, phishing simulations, and vulnerability exploitation can cause harm if they disrupt operations, damage trust, or exceed agreed‑upon boundaries.

  • Handling sensitive data during investigations. Incident response teams often gain access to personal, confidential, or legally protected information while analyzing breaches. The ethical dilemma lies in using only what’s necessary for the investigation while safeguarding the privacy and dignity of individuals whose data is exposed.

  • Navigating conflicts of interest. Cybersecurity professionals may face pressure to downplay risks, delay reporting, or overlook vulnerabilities to protect an organization’s reputation. Ethical practice requires prioritizing truth, transparency, and public safety, even when it conflicts with internal interests.

  • Determining acceptable levels of intrusion during threat hunting. Proactive threat hunting sometimes requires deep access to systems, logs, and communications. The dilemma arises when the level of access needed to detect threats begins to overlap with areas that users reasonably expect to remain private.

  • Managing AI‑driven security tools. Automated systems can flag suspicious behavior, block access, or make decisions that affect users. When AI models are biased, opaque, or overly aggressive, professionals must decide when to override automated actions and ensure fairness and accountability.

  • Responding to ransomware demands. Paying a ransom may restore operations quickly but can also fund criminal activity and encourage future attacks. Organizations must weigh ethical, legal, and operational considerations when deciding how to respond.

These dilemmas highlight why ethical judgment is just as crucial as technical skill in cybersecurity. Professionals must constantly balance competing priorities while upholding the trust placed in them.

Ethical Guidelines for Cybersecurity

Several organizations have established ethical guidelines or codes of ethics for cybersecurity. The following examples illustrate the scope of these codes. 

CREST Code of Ethics

CREST (the Council for Registered Ethical Security Testers) is a nonprofit organization that provides accreditation to cybersecurity firms that successfully pass its reviews in areas such as data security and cybersecurity testing. CREST also offers certifications to cybersecurity professionals in areas such as penetration testing, incident response, and threat intelligence. CREST has established a cybersecurity code of ethics that covers aspects of cybersecurity such as: 

  • Credibility

  • Professionalism

  • Prohibition against extortion, bribery, and corruption

  • Respect

  • Responsibility 

CompTIA Professional Code of Ethics

CompTIA (the Computing Technology Industry Association) offers certifications in areas such as cybersecurity and penetration testing. Its professional code of ethics establishes ethical requirements in areas such as:

  • Confidentiality

  • Conflicts of interest

  • Honesty

  • Integrity

  • Professional competence

ISACA Code of Professional Ethics

ISACA (formerly the Information Systems Audit and Control Association) provides certifications in areas such as information security management, data privacy, and cybersecurity. The ethical standards in its professional code of ethics cover areas such as:

  • Conduct and character

  • Disclosure

  • Due diligence

  • Objectivity

  • Professional care 

Integrating Ethics into Cybersecurity

Organizations can integrate ethics into cybersecurity through approaches that emphasize:

  • Where the responsibility for ethical cybersecurity practices rests. Ensuring ethics in cybersecurity is not limited to an information technology department or a cybersecurity team. Every employee of an organization is responsible for following ethical practices to protect information and systems. Creating a culture that emphasizes cybersecurity ethics helps ensure that all employees operate in an ethical manner.

  • Why ethical cybersecurity is important. It’s critical that organizations communicate the reasons underlying their cybersecurity controls and policies. This can inform employees of potential risks and enhance their ability to be vigilant about potential cybersecurity incidents or activity that seems unusual.

  • How organizations will integrate ethics into cybersecurity. For example, an organization can:

    • Craft a code of cybersecurity ethics tailored to its own unique operations

    • Provide all employees with training and education on ethics in cybersecurity

    • Regularly conduct risk assessments on an organization-wide basis to identify vulnerabilities

    • Maintain complete and accurate records of all information it maintains and how it processes and shares that information

    • Inform employees about the organization’s penalties for failure to act in an ethical manner, and impose those penalties when necessary

Role of the Cybersecurity Professional

While all employees of an organization have ethical responsibilities, it’s particularly important for IT professionals to uphold cybersecurity ethics. Given their expertise and the wide-ranging access they have to information and systems, it’s critical for professionals working in cybersecurity to ensure the privacy and security of the assets they are charged with protecting. 

A Strict Code of Cybersecurity Ethics Is Key to a Successful Career

Employing cybersecurity ethics is essential to maintaining trust and operating in a manner that demonstrates respect and integrity. In addition to their valuable technical skills, cybersecurity professionals benefit from knowledge of ethical practice and how it applies to their work. Developing a foundation in ethics is one of the many benefits of enrolling in a cybersecurity program.

Individuals who are interested in advancing their expertise in cybersecurity can explore The University of Tulsa’s online Master of Science in Cyber Security degree program to learn how it can help them achieve their professional goals. Equipping students with knowledge of the theories and techniques of cybersecurity, the program sets the stage for a rewarding career protecting valuable information and systems. Begin your educational journey in cybersecurity.

Recommended Readings

C-Suite and Cybersecurity Professionals: How They Collaborate

Preparing for a Cybersecurity Career: Insights From Justin Miller, MA, MS

Visualizing the ROI of a Cybersecurity Degree

Sources:

Akitra, “Ethical Considerations in Offensive Cybersecurity Tactics”

Cisco, “What Is a Cybersecurity Specialist?”

CompTIA, CompTIA Candidate Agreement

CREST, Code of Ethics

Cybercrime Magazine, “2026 Cybersecurity Market Report”

ISACA, Code of Professional Ethics

Tripwire, “The Importance of Ethics in Cybersecurity”

UpGuard, “Cybersecurity and Social Responsibility: Ethical Considerations”

Recent Articles

Headshot of Yi Ting Chua, PhD.
Cyber Security

Cybersecurity Pathways: Dr. Yi Ting Chua on Cybercrime

University of Tulsa

Mar 23, 2026

A cyberdefense team reviews code on a large monitor.
Cyber Security

What Is CISA Certification?

University of Tulsa

Mar 11, 2026

Headshot of Justin Miller Ma Ms in a Hallway
Cyber Security

Preparing for a Cybersecurity Career: Insights From Justin Miller, MA, MS

University of Tulsa

Mar 2, 2026

Learn more about the benefits of receiving your degree from The University of Tulsa

Get More Information