All security outcomes in cyberspace are determined by individual people, whose behaviour is shaped by their social setting, either organisational or cultural. Yet there has been little evidence of the necessary adjustment of policy or practice that gives due weight to the social science dimensions. This shortcoming is compounded by three others of equal or greater importance. First, the further socio-technical threat of unintended system failures, which may be dubbed â€œcyber incompetenceâ€, is also largely unstudied outside the technical realm. Second, decisions on digital transformation in all organisations can undermine or enhance security, and are in turn impacted by the competence levels of the decision-makers. Third, the susceptibility of leaders, managers and users to be swayed by disinformation generated by the media or even vendors in fast-moving situations is an equally important threat to business and security. This chapter sees these four problem sets as inextricably linked, and argues that we can only analyse any one of them by reference to the idea of the â€œsocial cyber ecosystemâ€ in which they all exist. The chapter introduces a novel concept to help achieve this reorientation: â€œcreating social cyber valueâ€. This refers to optimised information ecosystem performance: maximising benefit while minimising insecurity and incompetence.