Where the Law Ends and Responsibility Begins

By Eva Nolle

At the time, that advice sounded ominous, mysterious and probably somewhat intriguing and exciting. In hindsight, I didn’t actually quite know what to do with the advice. After all, a security professional’s job is to protect the companies and individuals they serve, which inherently should be a good and just thing, right? 

Over the years of working in the industry, it has become a lot more tangible. We protect highly sensitive information, valuable assets, people’s lives and more.  When time is short and pressure is high, ethical shortcuts can become tempting. And yet, those are the moments when ethics matter most. And whilst I am by no means suggesting that we all become unethical, every security professional at one point or another in their career has been confronted with the decision of how far they are willing to go to protect the assets entrusted to them.

Ethics fill the gap where law ends.

Something may be permissible under local law yet still be ethically questionable, reputationaly damaging, or strategically short-sighted - especially in multinational operations where legal and cultural norms differ widely.

By their very definition, ethics are rooted in cultural traditions and societal expectations and are intrinsically interlinked with the frameworks we operate in. However, over the years, as a global society, we have at least predominantly agreed on some core values, such as human dignity, fairness and justice. Yet, we live in a world in flux where these agreed-upon core values appear to be tested more and more. A world in which ethical parameters appear to become increasingly fluid. 

We live in an era of rising geopolitical tension, technological disruption, and societal polarisation. Security professionals are increasingly under immense pressure to deliver certainty in an uncertain world where our ethics seem to be under siege. 

As security professionals, we need to hold ourselves to a higher standard than most. Ethics are not an abstract ideal or a compliance footnote. They are the foundation that determines whether security protects organisations and societies or quietly becomes a source of risk itself. Unethical behaviour - whether corruption, misuse of data, discrimination, or excessive force - destroys the trust our profession cannot function without. Trust from our peers, trust from the societies we operate in, and trust from the companies we serve to protect. 

Even as the world is in motion and ethics are stretched, our legal obligations remain the same. Crises, such as the ones we currently find ourselves in, reveal values. And as a profession, now more than ever, we need to work hard to protect ours. Times like these are precisely when ethical leadership matters most.

Whilst all of this is in no way intended to suggest that our entire profession is slipping or that the majority of us are conducting ourselves unethically, it is meant as an appeal to pause, reflect and reimagine. 

Most of us know the importance of ethics in our profession and are members of organisations that voluntarily subscribe us to Codes of Ethics. Codes that remind us to perform our duties diligently, with integrity, in accordance with the highest morals, with respect and dignity for others, truthful, and with due care.  Codes that we choose to live by, acknowledging the importance of us upholding high standards. 

Security and leadership decisions are rarely neutral. They involve power, access to information, and the potential to cause harm—often under time pressure and uncertainty. Ethics therefore play a decisive role in how those decisions are made and judged.

Ethical failure often begins when short-term interests override core values such as human dignity, fairness, or accountability. However, choosing to perform our duties ethically, is not a constraint but a strategic advantage.