Abstract
This paper presents an empirical study of the social and cultural aspects of cybersecurity capacity building in 78 nations. While nations within geographically defined regions might be expected to share similar attitudes, values, and practices around cybersecurity, this analysis finds that regional differences can be explained largely by cross-national differences in development and the scale of Internet use. These results question the centrality of regions in shaping social and cultural attributes directly tied to cybersecurity capacity. However, the analysis identifies some countries with greater and some with lesser levels of maturity in capacity building than expected only on the basis of their development and scale of Internet use. Further research focused on the dynamics of under- and over-performance of different nations might illuminate where regional contexts could place a brake on, or provide an impetus for, under- or over-performance in cybersecurity capacity building. That said, national development and the scale of Internet use are the most explanatory of cultural attitudes, values, and practices of societies tied to cybersecurity, such as trust on the Internet.
Highlights
Cybersecurity is about ‘the technologies, processes, and policies that help to prevent and/or reduce the negative impact of events in cyberspace that can happen as the result of deliberate actions against information technology by a hostile or malevolent actor’ [7]
The Cybersecurity Capacity Maturity Model for Nations (CMM) identifies attitudes, values, and practices of Internet users in households, business and industry, and government that are directly related to cybersecurity
Based on field research data in 78 nations reviewed under the Capacity Maturity Model for Nations’ (CMM) framework, we observe that our sample countries in Europe and Latin American and the Caribbean were, in average, more mature on these cultural and social aspects of cybersecurity than the countries in our sample within other regions
Summary
Cybersecurity is about ‘the technologies, processes, and policies that help to prevent and/or reduce the negative impact of events in cyberspace that can happen as the result of deliberate actions against information technology by a hostile or malevolent actor’ [7]. Our analyses suggested that regional differences in social and cultural underpinnings of cybersecurity exist, but that these differences can be accounted for by national economic and socio-political variables related to the level of development and scale of national Internet use. This led the analysis to identify three countries underestimated by our model and two overestimated, for which we argued that possible explanations for these over- and under-performing cases might entail regional considerations. We conclude by discussing the implications and limitations of this study along with suggestions for further research
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
