Preparing for future cyber crises: lessons from governance of the coronavirus pandemic

Abstract The SARS-CoV-2 pandemic has had an immense impact on public policy and the management of risks that threaten critical systems, such as national health services. Drawing on perspectives from multiple disciplines, this article considers lessons-learned with respect to mitigating the threats to critical systems and societal harms presented by the proliferation of malware. The article dovetails crisis management with cyber resilience, for the purpose of analyzing transferable good-practices and areas-for-improvement, drawing on preparedness and response strategies deployed in public policymaking in the United Kingdom during the pandemic. Reflecting on key national and local ransomware incidents that have impacted key services, the article offers a post-SARS-CoV-2 review of recent British strategic outputs with respect to cyber resilience; most notably the National Cyber Security Strategy and the Government Cyber Security Strategy. The article focuses on lessons that may be learned with respect to communications strategies. The article argues that although the recent British cyber-security strategies hold significant promise in terms of improving preparedness, response and recovery in relation to future cyber crisis, nuanced, dynamic and empathetic multi-stakeholder engagement will be required in order to meaningfully implement the measures outlined in the strategy documents.