Sage Journals: Discover world-class research

Abstract

Despite the scientific significance of journalism practice, the gap between academic and applied fields persists. In this paper, based on our project on the digital security of journalists and their sources, we argue that practice-relevant research in the form of the action-innovation model benefits both the academic and the applied realms. To this end, we provide hands-on practical training on the important topic of digital security, which remains under-researched and therefore requires an exploratory approach. A total of 23 training sessions were conducted for 230 participants representing various media outlets in Germany. The objective was to enhance awareness and skills regarding digital threats. This constituted the core of a mixed-methods approach, which included surveys, observation, and interviews. In evaluating the process and results, it was found that the combination of applied and scholarly elements enhanced the project in terms of access, commitment, contextualisation and depth. The data were analysed according to an adaptation of the socio-technological Newsafety concept. The findings revealed a general lack of competence in dealing with cyber threats and a severely lacking in-house communication. In general, to address and explore relevant and current issues like this, it is recommended to consider the practical value to research participants and to collaborate with practice-based trainers who can help bridge the gap and foster mutual understanding.

Keywords

Journalism digital security digital safety source protection research-practice-gap action research training newsafety

Introduction

The relationship between journalism research and practice is an intricate and multifaceted one. Historically, journalism education was based on on-the-job training. However, over time, there has been a shift towards an increasingly academic approach (Bélair-Gagnon and Usher, 2021). Nevertheless, the divergence between journalism research and practice remains a challenge (Barkho and Lugo-Ocando, 2022). Nowadays, researchers may encounter a certain degree of reluctance on the part of journalists to engage in research activities. This can be explained by the frequency and regularity with which journalists are researched (Blanchett et al., 2023). It is therefore important to provide an additional practical value to journalists in exchange for their time and information when inviting them to contribute to our research (Barkho and Lugo-Ocando, 2022). This kind of practice-oriented research design offers benefits to both parties: practice can learn and implement up-to-date knowledge, while academics gain access to complex and in-depth research data (Grubenmann, 2016).

Such an approach, which aims to bridge the gap between science and practice, is particularly relevant in the context of comparatively novel research topics, that require continuous adaptation of practices (Grubenmann, 2016). Here journalism is initially concerned with appropriation and mastery and is therefore more open to external input without having to fear criticism of long-established routines (Wilner et al., 2024). This is why our research project on the topic of digital security and source protection in journalism combines an exploratory study with practical training. While the training addresses a problematic lack of knowledge and skills in practice, it also provides a basis of trust for the research collaboration on such a sensitive, security-related topic.

Digital security in journalism is as relevant as it is up-to-date. In the digital age, sensitive data of journalists and their investigations are exposed to great dangers (McGregor, 2021). It is possible for journalists to inadvertently leave behind data traces that potentially expose their sources (e.g., Moßbrucker, 2019). Furthermore, they may reveal their personal traits with uncertain consequences. To protect their sources and themselves, journalists require adequate working conditions and legal frameworks, as well as a heightened awareness of the dangers and effective prevention skills (Westlund et al., 2024). Otherwise, the very existence of a free press as a cornerstone of democracy is threatened (Posetti, 2017). While the number of cyberattacks targeting media companies is growing (e.g., KPMG, 2024), research indicates a significant backlog within the media when it comes to digital security (e.g., Henrichsen, 2020a), and abilities and expertise of journalists remain constrained (Di Salvo, 2024). Furthermore, there is a dearth of comprehensive, integrated strategies to counteract digital attacks and their underlying causes (Waisbord, 2022).

Our project is structured around two phases, each characterised by a varying degree of knowledge transfer, but both focused on practical value. The initial phase of the project is designed to enhance the competences of journalists and their organisations, while the subsequent phase entails disseminating the findings of the research to management and IT, and showcasing examples of good practice. In this paper, we concentrate on the initial phase, as the second is still ongoing. Our research design, which draws on the principles of action-innovation research (Meier, 2011), proved an effective means of addressing the inherent complexity and sensitivity of the topic while simultaneously meeting the profession’s need for practical skills. The design is centred on the practical trainings for journalists, addressing a diverse range of media organisations and freelance journalists in Germany. These training sessions, facilitated by experts in digital security for journalism, are integrated into a multi-methods approach that incorporates online surveys, participant observation, and, in a subsequent phase, problem-centred interviews.

As such, our project builds a bridge between academia and practice on three pillars: the training component as a practical value for journalists (pillar one), a comparatively new and urgent topic – digital security – that is relevant to them (pillar two), and a collaboration with trainers who are themselves practitioners and act as mediators between academia and practice (pillar three).

In this paper we aim to make the case for this unusual but promising approach. Our objectives thus are: firstly, to map the methodology for bridging academia and practice; secondly, to present the topic of our study and its innovative research design in detail, as well as the resulting preliminary findings; thirdly, to assess its potential for bridging the gap; and finally, to reflect on the broader opportunities the design offers for empirically studying current challenges in journalism.

Attempts of journalism research to bridge the gap

There is no consensus among scholars on the fundamental differences between the academic and applied fields in journalism. In Barkho’s (2017b) edited book on practice-based journalism research, authors debate whether these two worlds are fundamentally distinct or share more than previously assumed. The most apparent distinctions are the disparate temporal and stylistic conventions (Ray, 2017). Yet, both journalists and academics are engaged in inquiry, publishing, and the aspiration to effect change (Eltringham, 2017). Ultimately, it is less fruitful to attempt to erase the distinction between science and practice than to build bridges between the two realms, thereby facilitating the emergence of novel forms of collaborative research.

There have been some timid methodological and theoretical reflections about such endeavours. Yet, there is no well-established form to talk about applied journalism research. Scholars use terms like applied, participatory, action, inter- or transdisciplinary, innovation or even transformative research (Barkho, 2017a; Meier, 2011; Schützeneder et al., 2022). This diversity indicates the absence of a unified singular understanding of practically relevant research in our field.

Applied research in journalism studies can manifest in various forms, situated on a continuum of two dimensions (see Figure 1). On the one hand, research can show varying degrees of the involvement of practitioners in the overall research process. On the other hand, they may vary in relation to an intervening, applied element. It is essential to recognise that research designs can be situated at any point on the two dimensions and can take forms that fall between the approaches described below.

Figure 1.

Dimensions of practice-oriented research (own illustration).

While practice-oriented research that includes transfer components and active participation of research subjects may be designed without intervening elements, the defining characteristic of action-innovation and PAR (participatory action research¹) is that the design incorporates an intervention into practice. Consequently, these forms of research seek to evaluate a potential solution to a practical problem (Grubenmann, 2016).

The most critical discussions of practically relevant journalism research occur in relation to its mission. This entails considerations of whether it is academia’s role to intervene actively in journalism practice. There are those who caution against a too-close relationship with the “client”, arguing that this could result in the researcher becoming an instrument for the industry or politics (Wyss, 2016). Schützeneder et al. (2022) also highlights some important challenges when doing transfer or participatory research, notably role conflicts and dependencies that might challenge independent research.

Our research and transfer project on digital security is situated within the action-innovation research according to Meier (2011), indicated in blue in Figure 1. Its central element, the action, involves the rather uncommon combination of training and research to examine learning processes initiated through the trainings and to contextualise journalists’ awareness of the issues. When it comes to innovation, the underlying theme is novel in itself: Awareness of digital risks involved in the protection of sources, oneself, and the media company, are core journalistic skills, yet remain under-studied (Di Salvo, 2024).

We are interested in journalism research “that matters” (Bélair-Gagnon and Usher, 2021), and this research design presents advantages for the journalists and editorial offices involved, as they benefit from training and first-hand insights into research findings. At the same time, the dialogue with practitioners and the direct testing of security procedures - which are accepted or rejected - result in scientific advantages and new research questions (Schützeneder et al., 2022).

Journalist’s safety and the emergence of digital threats

The (in)security of journalists² as a threat to press freedom and democracy has increased in recent years (RSF, 2024; UNESCO, 2021). Consequently, it has been the subject of extensive multidisciplinary research agendas (UNESCO, 2015) and interdisciplinary influences (see Krøvel et al., 2023). Legal and political conditions play an equally significant role as structural and institutional realities (Hamada, 2022). With increasing threats to press freedom, journalism’s and journalists’ resilience depends on technical, professional and innovative skills (Waisbord, 2022).

Research on journalists’ safety and security, finds its roots in war and conflict reporting that focussed mainly on physical security and impunity (Tumber, 2019). While then, safety was a problem that touched particularly the so-called Global South, in the last decades, the problem spread globally (Waisbord, 2022). Since, the consequences of journalists’ lack of safe and secure working conditions are discussed more broadly, with the impact on press freedom at its core (e.g., Orgeret and Tayeebwa, 2020).

The research into the digital aspects of security and surveillance in journalism has intensified significantly since the disclosures made by Edward Snowden in 2013. The UNESCO incorporated “Digital Issues” in its research agenda on “Security in Journalism” (2015). While the advent of the internet has facilitated new avenues for journalists to collect and process information, it has also introduced new challenges and risks (McGregor, 2021). These include concerns pertaining to information security (e.g., Di Salvo, 2022), surveillance by state and non-state actors (e.g., Solove, 2006), and the targeting of individual journalists as well as their media organisations by criminal actors.

With social media platforms, research focus has shifted towards online violence and its psychological and societal consequences (e.g., Baroni et al., 2022). This phenomenon is becoming increasingly prevalent and affects women and minorities disproportionately (Posetti and Shabbir, 2022). This illustrates that digital threats exert pressure on diverse voices in the media and add further psychological and financial stress to journalists and media organisations, who already contend with deteriorating conditions.

Slavtcheva-Petkova et al. (2023) thus advocate for a comprehensive approach to journalists’ safety that incorporates a holistic framework based on the political and sociological concept of power dynamics (e.g., Haugaard, 2012). The authors distinguish between two dimensions of safety: “personal” (physical and psychological) and “infrastructural” (digital and financial). Based on these considerations, we define digital security as the protection of journalists and their investigations from the aforementioned power dynamics, including attacks on journalists themselves, their sources, as well as the protection of IT structures.

Digital security, surveillance, and its consequences

In response to the revelations of Snowden, a first anthology about digital security of journalists (Bell and Owen, 2017) reflects on the effects of digital surveillance on journalists’ work and their communication with sources. The discussion commenced with an examination of the negative, deterring effects of surveillance. The term “chilling effects” is employed, deriving from US jurisprudence and originating with the work of Schauer (1978). This legal concept has been adapted in the social sciences and is used to argue that surveillance can deter people from taking action (Büchi et al., 2022). In this sense, the chilling effects of surveillance are comparable to Foucault’s panopticism (1995).

Although the concept of chilling effect has become part of the “everyday discourse” (Townend, 2014: p. 1) and several studies have investigated these effects in journalism (e.g. Bradshaw, 2017; Mills and Sarikakis, 2016; PEN America, 2014), Büchi et al. (2022) point out that there are only fragmented, incoherent, partial theories and “extremely limited empirical research” (p. 2). Westlund et al. (2022, p. 1819) posit that journalists “do not necessarily turn to silence but may adapt their journalistic practices by way of choosing other methods and routines”. Consequently, there is a paucity of studies that relate potential (chilling) effects to journalists’ counter-strategies, particularly in the context of digital security.

Yet, developments in the direction of a “new normal” have occurred that are categorised in surveillance studies under the heading of “post-panoptic” theories (Boyne, 2000; Haggerty, 2011). These approaches recognise surveillance as a ubiquitous aspect of digitised society (e.g., Andrejevic, 2014) and examine its actual consequences rather than assuming a normative, disciplinary effect that can take on dystopian traits. In everyday life, surveillance often has no meaningful impact or can even serve as a motivating factor (Monahan et al., 2010). Therefore, a merely fatalistic attitude is increasingly inadequate. Consequently, journalism research is tasked with developing novel conceptual frameworks to comprehend the multifaceted effects of surveillance (Moßbrucker, forthcoming), and digital threats more broadly.

In the field of information security, the majority of researchers adopt either an instrumental approach, which focuses on the practical aspects of secure tools and their adoption, or a cultural approach, which delves into the underlying rationale behind secure practices (Di Salvo, 2022). The findings demonstrate that the nature of threats has become more intricate as a consequence of digitalisation (Henrichsen et al., 2015) and that source protection has deteriorated (Posetti, 2017). Nevertheless, this does not necessarily result in an increased willingness on the part of journalists to adopt secure behaviour (Crete-Nishihata et al., 2020). The technology can turn out to be unsuitable in practice (Henrichsen, 2020a). Tsui and Lee (2021) posit that the coping with insecurity depends on varying degrees of technological proficiency and mindsets. These findings indicate a need for a more nuanced approach to examining the consequences of surveillance and digital threats in journalism practice. The presence of individual “Security Champions” (Henrichsen, 2020b) in newsrooms is insufficient. To effectively address the identified threats, it is essential to implement comprehensive and sustained training for all journalists.

Exploring and conceptualising digital security

The issue of digital security for journalists and their sources has been largely neglected in empirical studies, with a particular absence of research in Germany. Our project thus engages in exploratory action-innovation research that examines the topic broadly. The objective of this study is to ascertain whether German journalists are aware of the risks associated with digital security, how they utilise secure tools, and what consequences digital (in)security has on their everyday work. Additionally, we aim to investigate the infrastructures that are in place within media organisations and how journalists make use of them. Moreover, we are interested in the effects of the training on journalists’ awareness and use of tools. This paper, therefore, reflects on the benefits of the action-innovation design to collect data that allow us to answer these complex research questions and to transfer knowledge into practice.

To examine the data, however, an approach is required that situates the journalist as a social actor within the technological sphere. Such a socio-technical perspective (Lewis and Westlund, 2015) calls for an interdisciplinary framework for digital security in journalism that integrates “activities by human social actors engaging with different sorts of technological materiality […]” (Westlund et al., 2022: 1815). In an effort to conceptualise the issues surrounding journalists’ safety, Newsafety proposes three dimensions: safety and infrastructures, with a focus on technological environments; safety in practice, including threats and their influence on journalism’s epistemology and practice; and safety and its wider psychological and societal consequences (Westlund et al., 2022).

For the purpose of this paper, we concentrate on the initial two dimensions of Newsafety, ‘Security and Infrastructure’, and ‘Security in Practice’ (Table 1). We also focus on the individual level, on the one hand, with the objective of identifying the strengths and weaknesses of journalists’ competences and practices. On the other hand an institutional perspective is essential, given journalists’ embeddedness in broader systems of influences and organisational structures (Hanitzsch et al., 2010).

Table 1.

Digital security according to the individual and institutional level as well as the dimensions of infrastructures and practices.

	Individual	Institutional
Security and infrastructure	e.g. Individual infrastructure, tools	e.g. Organisational infrastructure
Security in practice	e.g. Awareness, skills, threats	e.g. Agenda, standards, policies, training

Own elaboration based on Westlund et al. (2022) and Slavtcheva-Petkova et al. (2023).

Our action-innovation approach: building bridges by research design and transfer

In accordance with the principles of action-innovation research, our project juxtaposes two components: empirical research and the development of practical skills for journalists. The objective is to implement and study protective knowledge and skills in editorial offices through the training of individual journalists.

Research design and methods

The overarching research design is centred upon the implementation of practical 1-day trainings, which were provided to a heterogeneous group of 21 editorial offices throughout Germany, in addition to two networks that facilitates the organisation of freelancers. The sample included public and private broadcasters, national and local newspapers, and online publishers. The trainings were embedded in a mixed-methods research design, which included an online survey prior to the training, participant observation during the training, and another online survey 4 months after the training. Each method aimed to collect complementary data (see Figure 2).

Figure 2.

Data collection methods and the type of data aimed for (own illustration).

The online survey on LimeSurvey prior to the training included a series of questions relating to the respondents’ awareness of digital security, their perceived and actual exposure to digital threats, their utilisation of tools and potential constraints, chilling effects and the protection of sources as well as measures implemented by their employers to address the aforementioned issues. The survey concluded with questions about professional and personal characteristics.

Each of the 23 trainings was observed by at least one researcher and a student assistant. The sessions were not recorded regarding confidentiality and the potential for contradicting our own claims when discussing surveillance. However, comprehensive notes were taken throughout the duration of each training and subsequently converted into standardised protocols. No prompts were provided, and the researchers assumed the role of passive observers, striving to create as little disturbance as possible, while the trainers conducted a typical session. The objective was to gather data to contextualise survey answers, to identify specific use cases, and obtain information about implicit and informal practices in the newsrooms.

In the second online survey, 4 months after the training, respondents were queried about the practical implementation of recommendations derived from the training, as well as potential obstacles they encountered. Additionally, questions pertaining to risk awareness, chilling effects and the employers’ measures from the initial survey were reiterated to assess the impact of the training.

The data from the surveys have been analysed descriptively in SPSS, while the observation protocols have been coded thematically in MaxQDA. Subsequent analytical steps will include hypothesis testing and theoretically guided analysis.

By using online surveys and participant observation, we combine the advantages of quantitative and qualitative research methods, thereby creating a comprehensive and valid research design to explore a topic that remains under-researched and under-theorised.

Sample

The selection of participating media organisations was theoretically guided. The selected media outlets disseminated the invitation among their respective staff, thereby enabling interested journalists to register. The sole prerequisite for participation was that the selected individuals should represent the newsroom, with a particular focus on those who are regularly in contact with sources. In total, 23 1-day workshops were conducted with 230 participants. 231 completed the online pre-survey and a total of 210 individuals participated in both, representing a 91% response rate. This discrepancy can be attributed to the fact that some participants were only able to take part in either (due to illness, short-noticed assignments, etc.). After the training, 142 participants completed the follow-up survey, resulting in a 62% response rate. These high response rates demonstrate that a practically relevant research design can facilitate access for researchers to comprehensive data, as the benefits for the participants are immediately recognisable.

The key socio-demographic indicators are comparable to the most recent representative data on journalists in Germany. However, there is a slight overrepresentation of young and female journalists in our sample: In fact, over half of the participants were younger than 40 and 46% female. This contrasts with the average age of German journalists, which is 45.3 years old and 44% being female (Loosen et al., 2023). Moreover, in our sample, 22.3% of journalists were employed on a non-permanent basis, in contrast to 19.7% reported by Loosen et al. (2023). The focus of our study was on journalists who regularly interact with sources. Thus, 62.9% of participants were editors and reporters who were most frequently reporting on politics and (local) news.

Transfer at the core: How we trained journalists

The conceptualisation of the trainings was based on two main principles: firstly, the training was to be led by the best available trainers, with many years of experience as trainers and journalists. Secondly, to enhance the appeal of taking part in the project, the workshops were to be offered at no costs, which required funding. In 2022, the Federal Government Commissioner for Culture and the Media (BKM) invited tenders for the promotion of quality journalism. Our project, with its unique combination of scientific research and practical components convinced the funders.

How did the training sessions look like? Our trainers collaborated with the participants to elucidate on the digital threats and to hand on methods for safeguarding themselves and their communication from harm. The emphasis was on tools for account security, encryption, data storage, and anonymisation. As the trainers are active journalists themselves, they did not merely develop theoretically or technologically secure workflows with the participants, they also adapted suitable good practices for relevant cases. One additional benefit was that the tools were (ideally) installed on the trainees’ own devices, thereby facilitating direct application in their daily work.

The training employed a holistic approach, which included an introduction to the technical contexts, journalistic principles, and legal basics of source protection. Additionally, they addressed physical circumstances related to digital security, such as data security during reporting from crisis zones and when crossing borders. Each training commenced with a module on threat modeling, during which participants were encouraged to reflect on their individual, very specific scenarios and to align their strategies accordingly. This allowed the journalists to use and adapt the tools to specific situations.

One challenge was to make the trainings as standardised as possible in order to generate comparable data for the research, while adapting them to the individual and editorial needs of the participants. To this end, we assessed participants’ individual perceptions and needs within the survey. Additionally, we sent a query to the respective IT departments to avoid recommending processes and tools that contradict in-house requirements. This balance is of particular importance when conducting practical research that simultaneously respects the needs of scientific standards and practical application.

Results: Comprehensive data on digital security on individual and institutional levels

The data collected during the project is extensive and will be subjected to further, specific analysis (e.g., with a focus on gender, local journalism, innovative cultures, or real-life threats mentioned). In this paper, however, we will limit ourselves to a brief presentation of the main findings and their relation to the particular research design that allowed the collection of such comprehensive data. These preliminary findings are derived from the surveys and observation. They should demonstrate the efficacy of our research design and the value of the data collected through it. As previously stated, we organise these findings according to the dimensions of ‘Security and Infrastructure’ and ‘Security in practice’ on the individual and institutional levels.

Security and infrastructures

The observation of training sessions revealed considerable differences in the proficiency of trainees in the utilisation of tools and technologies. While some journalists demonstrated a notable aptitude for technology and familiarity with sophisticated tools, others exhibited reservations regarding the accelerated pace of digital advancement and perceived it as a challenge to remain up-to-date. This finding highlights the imperative for sustained training.

Nevertheless, the training yielded a favourable outcome in terms of participants’ willingness to employ novel, secure tools. Prior to the training, 46% of respondents indicated that they had altered their tools due to security concerns. Conversely, following the training, 57% reported having ”tried out new software/apps due to security concerns”, predominantly those presented during the training. The tool most frequently adopted was a password manager.

At the institutional level, some media houses have recently implemented a password management software. The observation revealed that journalists encountered difficulties in the adoption process, primarily due to a lack of communication and support. This finding was corroborated by our follow-up survey, which indicated that individual adoption of new tools can be hindered by a lack of time, the tools being too complex, or the lack of opportunities to use them. Consequently, a more comprehensive approach to communication and a participatory introduction are essential to facilitate the effective integration of new tools.

In addition to technological environments, the infrastructures provided by media organisations represent a crucial component. Despite the fact that cybersecurity is a significant concern for German publishers, they are reluctant to invest in and implement specific structures to address it (KPMG, 2024). There is a dearth of research examining the infrastructures that support journalists and their impact on security. Our survey findings indicate that over half of journalists are unaware or uncertain about their employers’ digital security practices.

The observation of trainings and online surveys also revealed notable discrepancies between freelance journalists and permanent staff. Freelancers bear responsibility for their own security but enjoy greater flexibility and freedom in the use of tools and services (77.8% vs 17.5% feel ‘very free’ in choosing the digital tools to use professionally). In contrast, permanent staff are dependent on the existing infrastructure and may encounter difficulties in integrating new tools. In instances where there is a discrepancy between the infrastructure provided and individual needs, a “shadow”-IT may emerge, whereby journalists utilise tools that are not officially supported. This can lead to an increased risk of security breaches, as these are not subject to monitoring by the IT department.

Security in practice

At the individual level, our surveys indicate a lack of clarity regarding awareness and utilisation of secure tools. Despite the fact that the majority of journalists feel relatively secure online, up to 46.8% of respondents indicated that they were only partially or not aware of the digital risks associated with journalistic research. To examine the current situation, it would have been sufficient to limit the research to online surveys. However, it is the combination of methods that allows for a more profound comprehension of the risks and applications of tools and the testing of survey responses. For instance, the presurvey indicated that the majority of journalists self-reported the ability to create a secure password. However, the observation of trainings revealed that misconceptions about what constitutes a secure password persisted. Similarly, in relation to WhatsApp, many journalists found it insecure in the survey and were unaware that it employs end-to-end encryption similar to Signal as later discussed in the training.

As previously discussed, insecurity, harassment, and surveillance can result in a phenomenon known as “chilling effects” (e.g. Eide, 2019; Posetti and Shabbir, 2022). Our findings indicate that while there are indications of some forms of chilling effects, there is no evidence of a general silencing. Conversely, there is evidence that digital threats and the risks of surveillance may prompt a response in the form of increased vigilance or the use of more secure tools. This finding is consistent with Tsui and Lee (2021), who found that tech-savvy journalists perceive security as an opportunity. Consequently, respective literature requires further differentiation in order to accommodate the complexity of the issues at stake. It would also benefit from a post-panoptic update following Foucault (1977/1995).

In general, the findings indicate a need for more practical, applied training centred around threat modeling. As Berdan (2021) elucidates, the plethora of existing digital security guides fails to be kept up to date and to assist journalists in integrating the numerous tools into their everyday practice. In the initial survey, respondents requested additional training opportunities and greater autonomy in utilising secure tools. The follow-up survey revealed that some media organisations had attempted to implement compulsory digital security training, to introduce new soft- or hardware, or to enhance overall security protocols. However, survey respondents identified potential obstacles hindering their media organisations from providing a more secure work environment. These include financial and time constraints, a lack of priority and awareness of the issue, and ambiguous responsibilities.

Discussion: Bringing action and research together

As evidenced by the preceding results, the design of our transfer project proved appropriate and beneficial with respect to the research component. Furthermore, the intervention was deemed adequate and effective by the journalists who participated in the trainings. In the following section, we will thus reflect on the effects and insights of our method.

Effects of the trainings

The journalists who participated in the training exhibited an enhancement in their competences, which was the intended result. The proportion of participants who responded to the inquiry «How safe do you feel in the digital space when you consider potential threats on your job?” with “safe” or “rather safe” increased significantly, from 59% to 76.4%. Additionally, the training has resulted in an increase in the participant’s interest in the issue and a greater willingness to consider new perspectives and tools. However, it remains to be seen whether this will have a lasting effect, and a longer-term follow-up study is necessary to determine this.

Similarly, there was an enhanced recognition of the issue and of prospective avenues for editorial and/or corporate advancement in the domain of digital security. The subject was not only placed on the agenda of participating media companies, but also discussed among the trained journalists and their colleagues. Moreover, it became evident that the respective companies were lacking systematic approaches. The results of the follow-up survey show that training participants would prefer continuous training based on the input provided. This finding is consistent with the preliminary survey results, in which over 90% of respondents expected from their employers to provide further training. Our observation revealed that this left a mark when people from the management were present. In three media companies, the intention was explicitly expressed to integrate such training as part of the onboarding of new employees or in vocational training.

The aforementioned effects were made possible by trainers who are also journalists, thus enabling them to comprehend the routines, procedures, and challenges that journalists encounter on a daily basis. Consequently, trainees have emphasised the practice- and application-oriented nature of the trainings and the valuable insights gained from knowledgeable trainers in their evaluations. However, some have expressed concerns regarding the time constraints faced due to the comprehensive and applied content covered, again calling for continuous training.

The value of trainings

The benefits of integrating research and practice through trainings for professionals have been highlighted on numerous occasions. At the individual level, it is crucial to provide training to end users, namely journalists, as the greatest vulnerabilities lie within their daily work processes. Journalists must therefore be equipped with the necessary protection skills, which they often lack from their employers. However, security may also fail due to institutional barriers, such as those encountered in mobile device management.

The notion that training can entirely mitigate the risks associated with journalistic investigations is, however, misguided. Critiques of isolated short training courses have emphasised the difficulty in attributing impact to a single training (Schiffrin and Behrman, 2011). Nevertheless, our follow-up survey suggests that even months after the training, awareness remains heightened and knowledge can be activated when needed. Moreover, the research component aims at reflecting back findings to the management for enabling institutional changes that go beyond the trainings. Hence, our study aims to raise awareness of the fact that the long-term guarantee of digital security for journalists and the protection of their sources can only be achieved through the implementation of a comprehensive set of measures. These include among others behavioural change among journalists, technical precautions in media organisations or legal protection in the event of disputes (confirming e.g. Hamada, 2022).

The combination of methodologies employed proved highly effective in identifying these issues by contextualising and placing the data from the online survey in perspective. However, the training sessions were also crucial from a purely exploratory point of view. Many specific use cases (especially at the local level) or editorial positions that are particularly affected (e.g., social media editors or archivists) have received minimal attention or been overlooked in previous research.

Practical lessons learnt

In addition to a robust theoretical framework and precise methodology, action research in media organisations necessitates practical considerations for the successful completion of this process. The following recommendations may prove beneficial for those engaged in action research:

(1) It is crucial to identify the appropriate contacts at the outset, particularly in large media companies. The top management level may not directly be involved in the subject matter.

(2) Don’t miss out on local media. Due to limited resources and time, local media companies are more reluctant to participate. However, without their involvement, the findings may not be comprehensive.

(3) Utilise “metadata” off the main road. Data derived from the preparation of research and training were, at times, more pertinent than initially anticipated.

(4) It is advisable to include individuals who can facilitate communication between editorial offices and IT departments, as they can play a pivotal role in ensuring the smooth functioning of both.

Conclusion: (Re)-gaining influence

The threefold bridge that we attempted to build over the research-practice gap proved valuable.

On the one hand, the project demonstrated that the practical value of journalism research is a worthwhile pursuit (pillar one). Communication scientists must not merely adopt ready-made solutions in an attempt to counsel journalists and effect changes within editorial offices (Grubenmann, 2016). Particularly in fields and problems that are new and undergoing rapid development, a qualitative and mixed approach is recommended (Reißmann et al., 2022). This approach must be hands-on, open to new ideas, and willing to review previous assumptions. It is therefore essential that both journalists and researchers engage in the process of learning and adaptation.

On the other hand, the relevant and up-to-date research topic lent itself as a starting point to improving journalism practice (pillar two). In a world where the monitoring of journalists and their interactions with sources is a ubiquitous possibility (Andrejevic, 2014), the threat by state or non-state actors, including cyber criminals and extremist groups, is ever-present. Given this complex situation, it is indispensable that journalists and media organisations continue to develop strategies and acquire tools to protect themselves against possible attacks. These must be regularly updated and adapted to reflect the evolving circumstances. Digital security will continue to be a significant challenge in journalism for the foreseeable future. This is not merely an individual challenge; it is also a responsibility of media organisations themselves. While our 23 training sessions represent a considerable number, the undertaking would remain a drop in the ocean in the absence of further training in digital security, which should become a mandatory requirement in modern media companies. Ensuring safe and secure journalistic work and the protection of sources is in their own best interests.

The ability to offer such a research project hinges on the establishment of a close collaborative relationship with practitioners. Journalists, trainers, or information security officers who possess expertise in both domains can serve as mediators and facilitate mutual understanding (Barkho and Lugo-Ocando, 2022). In our case, the collaboration with specialised trainers who possess extensive practical experience (pillar three) proved invaluable. The journalistic background of the trainers was instrumental in fostering trust and mutual understanding.

It is our contention that our research design has the potential to serve as a model for imitation, particularly insofar as it can be applied to different areas. For example, it can be assumed that studies on the use of artificial intelligence in newsrooms will become increasingly prevalent in the near future (e.g., Newman, 2024). As with the topic of digital security, the objective is to foster a general understanding, awareness and appropriation of the subject matter without intervening directly in established routines. Research that is practically relevant to the field would be beneficial in guiding the cautious ongoing process of integrating AI into journalistic work and production. Other such topics could include verification (and the fight against fake news) or advanced data journalism.

It is well established that journalism and the media are highly dynamic systems. Attempting to keep track of their rapid development, let alone to define the status quo, is a demanding task (Peters and Broersma, 2017). Only a communication science that maintains a dialogue with practice and remains up-to-date with regard to ever-changing processes will be able to (a) make valid claims about current journalism and the media and (b) be heard by practitioners. The greater the number of journalists who are able to experience the useful value of research, the greater the influence will be. Transfer in the sense of action-innovation research can foster such productive collaboration.

Footnotes

Acknowledgements

We thank our trainers,Daniel Moßbrucker and Annkathrin Weis,for their amazing work,feedback and enlightening discussions before and after the training sessions. Their insights and expertise greatly assisted the research,although they may not agree with all of the interpretations/conclusions of this paper. We thank our student assistants,Layla Boye,Leonie Urbanczyk and Tessa Wieschhörster,who contributed to the data collection and analysis surrounding the trainings.

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research,authorship,and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research,authorship,and/or publication of this article: This work was supported by the Die Beaufragte der Bundesregierung für Kultur und Medien (BKM) (2522MJ0005).

ORCID iD

Jannis Frech

Notes

Author biographies

Jannis Frech is a doctoral candidate and research associate at the University of Hamburg. His research focuses on all things digital in journalism,from methods for investigation to storytelling and AI. He’s also interested in journalistic aspects of climate crisis,transformation and sustainability. Jannis got his insights into the field while working as a reporter and editor for several years,focusing on video,news and aviation,mainly for German magazine Stern.

Volker Lilienthal,is Professor of Quality Journalism at the University of Hamburg and head of this research project. His work focuses on journalistic research,media ethics and digital journalism. In his former professional life,he was the responsible editor of a specialist service for media topics. In 2009,the University of Hamburg appointed him to an endowed professorship named after Rudolf Augstein,the founder of the news magazine Der Spiegel.

Viviane Schönbächler is a postdoctoral research associate at the University of Hamburg. Her research focus lies on media and conflict,digital security,and feminist media studies. Viviane has a background in international relations,peace and conflict studies,as well as media studies. She has worked in the field of humanitarian and development cooperation in Lebanon,Turkey,and Burkina Faso.

References

Andrejevic

(2014) Ubiquitous surveillance. In: Ball

Haggerty

Lyon

(eds) Routledge Handbook of Surveillance Studies. London, New York: Routledge Taylor & Francis Group.

Barkho

(2017a) Linking theory to practice: changing the approach of media and journalism research. In: Barkho

(ed) Towards a Praxis-Based Media and Journalism Research. Bristol: Intellect, 207–213.

Barkho

(ed) (2017b) Towards a Praxis-Based Media and Journalism Research. Bristol: Intellect.

Barkho

Lugo-Ocando

(2022) The path to applied journalism and media studies. Journal of Applied Journalism & Media Studies 11(3): 261–266.

Baroni

d’Haenens

(2022) Protecting journalists from harassment: comparing existing protection mechanisms and the effects on democracy. In: Trappel

Tales

(eds) Success and Failure in News Media Performance: Comparative Analysis in the Media for Democracy Monitor 2021. Göteborg: Nordicom, 59–77.

Bélair-Gagnon

Usher

(2021) Introduction: improving journalism with academic research. In: Bélair-Gagnon

Usher

(eds) Journalism (Research) that Matters. New York: Oxford University Press, pp. 1–14.

Bell

Owen

(2017) Journalism after Snowden: The Future of the Free Press in the Surveillance State. New York: Columbia University Press.

Berdan

(2021) An evaluation of online security guides for journalists.

Blanchett

Mellado

Brin

, et al. (2023) Is it us or them? The challenge of getting journalists to participate in academic research. Journalism Studies: 1–19.

10.

Boyne

(2000) Post-panopticism. Economy and Society 29(2): 285–307.

11.

Bradshaw

(2017) Chilling Effect: regional journalists’ source protection and information security practice in the wake of the Snowden and Regulation of Investigatory Powers Act (RIPA) revelations. Digital Journalism 5(3): 334–352.

12.

Büchi

Festic

Latzer

(2022) The chilling effects of digital dataveillance: a theoretical model and an empirical research agenda. Big Data & Society 9(1): 1–14.

13.

Crete-Nishihata

Oliver

Parsons

, et al. (2020) The information security cultures of journalism. Digital Journalism 8(8): 1068–1091.

14.

Di Salvo

(2022) Information security and journalism: mapping a nascent research field. Sociology Compass 16(3): e12961. doi: 10.1111/soc4.12961.

15.

Di Salvo

(2024) Dealing with the black box: European journalists and the threats of spyware. Digital Journalism: 1–20.

16.

Eide

(2019) Chilling effects on free expression: surveillance, threats and harassment. In: Making Transparency Possible. Cappelen Damm Akademisk/NOASP, 227–242.

17.

Eltringham

(2017) Towards a new relevance: why the new media landscape requires journalists and media scholars to forge a genuine partnership for the first time. In: Barkho

(ed) Towards a Praxis-Based Media and Journalism Research. Bristol: Intellect, 23–34.

18.

Foucault

Sheridan

(1995) Discipline and Punish: The Birth of the Prison. New York: Vintage.

19.

Grubenmann

(2016) Action Research: collaborative research for the improvement of digital journalism practice. Digital Journalism 4(1): 160–176.

20.

Haggerty

(2011) Tear down the walls: on demolishing the panopticon. In: Lyon

(ed) Theorizing Surveillance: The Panopticon and beyond. Cullompton, London: Taylor and Francis; Taylor & Francis, pp. 23–45.

21.

Hamada

(2022) Determinants of journalists’ autonomy and safety: evidence from the worlds of journalism study. Journalism Practice 16(8): 1715–1735.

22.

Hanitzsch

Anikina

Berganza

, et al. (2010) Modeling perceived influences on journalism: evidence from a cross-national survey of journalists. Journalism & Mass Communication Quarterly 87(1): 5–22.

23.

Haugaard

(2012) Rethinking the four dimensions of power: domination and empowerment. Journal of Political Power 5(1): 33–54.

24.

Henrichsen

(2020a) Breaking through the ambivalence: journalistic responses to information security technologies. Digital Journalism 8(3): 328–346.

25.

Henrichsen

(2020b) The rise of the security champion: beta-testing newsroom security cultures.

26.

Henrichsen

Betz

Lisosky

(2015) Building Digital Safety for Journalism: A Survey of Selected Issues. Paris: UNESCO Publishing.

27.

Herrmann

Pridöhl

(2020) Basic concepts and models of cybersecurity. In: Christen

Gordijn

Loi

(eds) Ethics of Cybersecurity. Cham: Springer Nature, 11–44.

28.

KPMG (2024) Cybersecurity: Wie sich Verlage auf veränderte Bedrohungslagen einstellen. KPMG.

29.

Krøvel

Palumbo

Orgeret

(2023) Introduction: understanding roots and betweenness defining safety of journalists as a sub-field of research. Reading between the lines. Journalism Studies 24(7): 825–837.

30.

Lewis

Westlund

(2015) Actors, actants, audiences, and activities in cross-media news work. Digital Journalism 3(1): 19–37.

31.

Loosen

Von Garmissen

Bartelt

, et al. (2023) Journalismus in Deutschland 2023: Aktuelle Befunde zu Situation und Wandel.

32.

McGregor

(2021) Information security essentials. A guide for reporters, editors, and Newsroom Leaders. Irvington: Columbia University Press.

33.

Meier

(2011) Journalismusforschung als interaktive Innovationsforschung. Eine Methodologie für Wissenstransfer. In: Jandura

Quandt

Vogelgesang

(eds) Methoden der Journalismusforschung. Wiesbaden, Germany: VS Verlag, 67–82.

34.

Mills

Sarikakis

(2016) Reluctant activists? The impact of legislative and structural attempts of surveillance on investigative journalism. Big Data & Society 3(2): 205395171666938.

35.

Monahan

Phillips

Wood

(2010) Editorial: surveillance and empowerment. Surveillance and Society 8(2): 106–112.

36.

Moßbrucker

(forthcoming) Journalismus in einer Gesellschaft ubiquitärer Überwachung. Eine funktionale Analyse. Dissertation, Universität Hamburg.

37.

Moßbrucker

(2019) Digitaler informantenschutz. In: Schröder

Schwanebeck

(eds) Big Data - In den Fängen der Datenkraken. Nomos Verlagsgesellschaft mbH & Co. KG, 87–106.

38.

Newman

(2024) Journalism, media, and technology trends and predictions 2024.

39.

Orgeret

Tayeebwa

(2020) Introduction: rethinking safety of journalists. Media and Communication 8(1): 1–4.

40.

Pen America (2014) Chilling Effects: NSA Surveillance Drives U.S. Writes to Self Censor. Pen America.

41.

Peters

Broersma

(eds) (2017) Rethinking Journalism Again: Societal Role and Public Relevance in a Digital Age. Londin, New York: Routledge.

42.

Posetti

(2017) Protecting Journalism Sources in the Digital Age. Paris: United Nations Educational, Scientific and Cultural Organization.

43.

Posetti

Shabbir

(2022) The Chilling: a global study of online violence against women journalists.

44.

Ray

(2017) Journalists and scholars: a short manifesto. In: Barkho

(ed) Towards a Praxis-Based Media and Journalism Research. Bristol: Intellect, 15–22.

45.

Reißmann

Siemon

Lünenborg

, et al. (2022) Praxisprofile als mixed-methods Ansatz zur Analyse performativer Öffentlichkeiten: Vorschlag für eine relationale Journalismusforschung. Studies in Communication Sciences 22(1): 69–88.

46.

RSF (2024) World press freedom index – journalism under political pressure. Available at: https://rsf.org/en/2024-world-press-freedom-index-journalism-under-political-pressure (accessed 10 June 2024).

47.

Schauer

(1978) Fear, risk and the first amendment: unraveling the chilling effect. WM Law School Faculty Publications 879: 685–732.

48.

Schiffrin

Behrman

(2011) Does training make a difference? Evaluating journalism training programs in sub-saharan Africa. Journalism and Mass Communication Educator 66(4): 340–360.

49.

Schützeneder

Engelke

Uth

, et al. (2022) Transferprozesse in der Journalismusforschung: Chancen und Herausforderungen im inter- und transdisziplinären Kontext der Journalismusforschung. Medien und Kommunikationswissenschaft 70(1-2): 118–139.

50.

Slavtcheva-Petkova

Ramaprasad

Springer

, et al. (2023) Conceptualizing journalists’ safety around the globe. Digital Journalism 11: 1211–1229.

51.

Solove

(2006) A taxonomy of privacy. University of Pennsylvania Law Review 154(3): 477.

52.

Townend

(2014) Online chilling effects in England and Wales. Internet Policy Review 3(2). doi: 10.14763/2014.2.252.

53.

Tsui

Lee

(2021) How journalists understand the threats and opportunities of new technologies: a study of security mind-sets and its implications for press freedom. Journalism 22(6): 1317–1339.

54.

Tumber

(2019) Journalism in war and conflict. In: Wahl-Jorgensen

Hanitzsch

(eds) The Handbook of Journalism Studies. New York, London: Routledge, pp. 372–386.

55.

UNESCO (2015) UNESCO proposes research agenda for safety of journalists. Available at: https://www.unesco.org/en/articles/unesco-proposes-research-agenda-safety-journalists (accessed 7 June 2024).

56.

UNESCO (2021) Threats that silence: trends in the safety of journalists. Available at: https://www.unesco.org/reports/world-media-trends/2021/en/safety-journalists (accessed 10 June 2024).

57.

Waisbord

(2022) Can journalists Be safe in a violent world? Journalism Practice 16(9): 1948–1954.

58.

Westlund

Krøvel

Skare Orgeret

(2022) Newsafety: infrastructures, practices and consequences. Journalism Practice 16(9): 1811–1828.

59.

Westlund

Krøvel

Orgeret

(2024) Journalism and Safety: An Introduction to the Field. Routledge.

60.

Wilner

Muse

Coddington

, et al. (2024) The research-practice gap in journalism: why it exists and how we can address it: (white paper).

61.

Wyss

(2016) Medienwissenschaftliche Eingriffe in der Transdisziplinarität. VSH-Bulletin 3/4: 53–60.