On 23–24 September 2025, RISCS Alumni Fellows Dr Rebecca Owens and Dr Partha Das Chowdhury convened an international workshop, ‘Cybersecurity: A Matter of Law or a Matter of Justice?’ at Durham Law School. Over two days, early-career researchers, senior academics, policymakers, and industry leaders came together to examine how cybersecurity is shaped not only by legal frameworks but also by questions of justice.
From the earliest discussions, one point has become increasingly evident: cybersecurity cannot be reduced to a purely technical matter. Secure systems demand governance structures that align technological design with societal values of trust and justice.
The opening day showcased new perspectives from early-career researchers across Bristol, Bath, Newcastle, Southampton, and Eindhoven. Their projects revealed how digital security is deeply entangled with social and political values. Sophia Walsh (Bristol) explored how privacy labels might empower user choice, while Roy Ricaldi (Eindhoven) analysed the trust that underpins cybercrime economies. Eldar Jalilzade (Newcastle) examined biometric authentication in mobile video platforms, and Elizabeth Kolade (Bath) highlighted the governance role of Cyber Security Incident Response Teams (CSIRTs) across borders. Han Wu (Southampton) urged that privacy-preserving AI methods must be audited to carry legal weight, and Maksim Kolomeets (Newcastle) demonstrated how hidden biases in AI tools can distort hiring practices. Taken together, these studies underscore a simple truth that cybersecurity is inseparable from matters of justice within our digital society.
The second day turned to keynote perspectives that widened the lens. Partha introduced the day by noting that placid guardians of both cybersecurity and legal institutions avoid giving reasoned justifications for their actions. Thus, systems like laws do not consider their effects on lives and liberty. Professor Aad van Moorsel (Birmingham) warned of the risks of algorithmic harms, insisting that accountability must be designed into AI before problems become entrenched. Professor Ben Farrand (Newcastle) set out the global stakes, contrasting Europe’s push for digital sovereignty, the UK’s industry-led strategy, China’s emphasis on data localisation, and the United States’ fragmented approach. Dr Karen Renaud (Strathclyde) drew lessons from the UK Post Office scandal, a stark reminder of how misplaced trust in digital evidence can distort justice and erode public confidence. Peter Davies (Thales) asked participants to rethink what ‘secure’ means in hyper-connected supply chains. Perfect prevention, he argued, is a myth. With regulations multiplying and liability dispersed, the real priority is resilience: reducing harm when failures occur, restoring systems quickly, and ensuring evidence that can stand up in court.
The workshop closed with a panel chaired by Dr Stergios Aidinlis (Durham), featuring Kuan Hon (Dentons), Professor Joanna Syrda (Bath), Thea Scott (CyberNorth), and Kevin Howell (HTG Group). Their conversation stressed that law and justice must be at the centre of AI and cybersecurity governance. Accountability must be demanded in vendor contracts, claims about productivity must be tested against evidence, and support must be targeted to the organisations that face the most significant barriers. The panel emphasised that small and medium-sized enterprises (SMEs) often lack the resources to act until risks are unavoidable, making fair access to expertise and training essential.
Across both days, participants converged on a shared understanding: cybersecurity is not only about defending systems, but also about protecting individuals. As such, effective governance will require collaboration across law, technology, and society, striking a balance between compliance and the principles of justice.
As this workshop has made clear, navigating the complex interplay between law and justice will remain one of the significant socio-technical challenges we must address.
Dr Rebecca Owens
Durham University
RISCS Alumni Fellow
Dr Partha Das Chowdhury
University of Bristol
RISCS Alumni Fellow