Skip to main content
Log in

CSR and the Corporate Cyborg: Ethical Corporate Information Security Practices

  • Published:
Journal of Business Ethics Aims and scope Submit manuscript


Relying heavily on Thomas Dunfee’s work, this article conducts an in-depth analysis of the relationship between law and business ethics in the context of corporate information security. It debunks the two dominant arguments against corporate investment in information security and explains why socially responsible corporate conduct necessitates strong information security practices. This article argues that companies have ethical obligations to improve information security arising out of a duty to avoid knowingly causing harm to others and, potentially, a duty to exercise unique capabilities for the greater social good and to buttress stable functioning of social institutions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others


Download references


The author thanks the Zicklin Center for Business Ethics Research for the continued support of her research.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Andrea M. Matwyshyn.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Matwyshyn, A.M. CSR and the Corporate Cyborg: Ethical Corporate Information Security Practices. J Bus Ethics 88 (Suppl 4), 579–594 (2009).

Download citation

  • Published:

  • Issue Date:

  • DOI: