Developing best practice for collecting cybersecurity data

How do we get the best quality relevant and appropriate data for researching cybersecurity?




This interest group will bring key data stakeholders together with Data Scientists and Artificial Intelligence experts in order to organise and develop best practices with regard to collecting Cybersecurity Data. It will seek to develop acceptable standards for collecting data, analysing and using that data in a way that is both ethically safe, minimal in bias and also useful for building insights into how all organisations (public, private and third sector) can be made more cybersecure in the future.

This will be a hard task from the outset because collecting and processing data from key stakeholders that relates to their own security presents many challenges to their existing organisational and occupational cultures. Not least, without checks, the data may perpetuate bias. Victims may be reluctant to share it, for example, as they may be concerned that sharing attack data could damage their reputation if publicly revealed. They may, as is sometimes the case, not even be aware that sensitive information has been stolen, even though an attack may have taken place. Furthermore, requests for data may be made just after a cybercrime incident when the organisation is either most risk-averse, or not be capable of assessing the damage, or even be in a position to report it. In the worst-case scenario, the data could even provide an attacker with vital information that can be used to make further attacks.

Guided by the principle of developing better security for all, the interest group will work together to develop best practices that will enable participants to manage expectations and achieve the best science possible in the circumstances.

Explaining the science

The project will employ a grounded method which begins with the participants own perspectives about their sector's specific needs and requirements. Such an approach enables ideas to progress from the ground up. The project, however, will seek solutions based upon practices and (ethical) practicalities rather than theory. It is anticipated that a dataset will be co-created between organisations and researchers rather than produced by one and consumed by the other.


The aims of this interest group are directly related to the goals of the ATI: 

  • We wish to scope out the ‘future’ for data collection and analysis of cybersecurity and cybercrime data, 
  • We wish to identify the different types (and sources) of data, 
  • We will seek to establish who can collect that data and who can and should analyse that data, 
  • We hope to define the best ethical practices for data collection, data sharing, analysis  and data storage, 
  • We shall work out ways as to develop organisational partnerships to co-own particular ‘cybersecurity problems’. This would include how (and what) data could be collected to benefit both the security of the donor organisation and also other organisations more generally and how and where data can be used in the future.
  • Fulfilling the aim above could also be used to work out ways that partnerships could work together to co-produce a solution to the specific cybersecurity problems outlined above to ultimately identify, understand and mitigate cyber-attacks.

Talking points

During a time when the cybersecurity stakes are heightened by new types and intensities of threats, especially those which can retard the economic recovery from COVID-19, why is there such reluctance to participate in cybersecurity research since all parties have a common interest to do so?

Why do researchers have a problem in accessing organisations and data?

What cybersecurity data will help researchers get the job done? Are researchers thinking in or out of the box? Do expectations match the data that is available?

Can the gap between what researchers want to do with cybersecurity data and what organisations want it to be used for be reconciled?

Given that there is evidence that cyber attackers are using all data at their disposal to attack us should we not be doing the same to protect ourselves?

What can we (victims, agencies and researchers) do to work together to solve a problem that affects us all?

How can viable working partnerships be created that engenders trust between participants?

How to get involved

Click here to join us and request sign-up


Contact info

Stephen McGough
[email protected]

David Wall
[email protected]