Cybersecurity Capacity: Does It Matter?

Abstract

This work is licensed under Creative Commons Attribution CC-BY-NC-ND ABSTRACT National cybersecurity capacity building involves the development of managerial, technical, social, legal, policy, and regulatory initiatives by a growing ecology of actors to enhance the resilience of nations to cybersecurity breaches, cybercrime, and terrorism. Capacity building is therefore resource intensive, requiring attention across sectors of society, ranging from governments to Internet users. However, it is difficult to justify commitments to capacity building when the benefits of building national cybersecurity capacity are largely based on logical reasoning, limited case studies, anecdotal evidence, and expert opinion rather than systematic empirical evidence. To explore the value of capacity building, this article reports on the early phase of a systematic effort to bring together cross-national data from multiple sources to examine whether indicators related to the cybersecurity capacity of a nation help explain the experiences of Internet users—one of the final payoffs of cybersecurity capacity building.