Twenty-five years of cyber threats in the news: a study of Swedish newspaper coverage (1995–2019)

Abstract

AbstractThis paper explores how cyber threats are represented in Swedish newspapers. The sample comprises 1269 articles from three newspapers (Aftonbladet, Göteborgs-Posten, and Svenska Dagbladet) covering 25 years (1995–2019). The study provides a text-near and detailed analysis of the threats covered. The study analyzes these threats along several dimensions: their modality (e.g. unauthorized access or manipulation); to what extent ambiguous themes (e.g. attack, crime, and warfare) are specified in context; how cyber-threat coverage has changed over time; and the event orientation of the coverage, i.e. whether articles address topical events and, if so, which ones. There are five main findings. First, the Swedish newspaper cybersecurity discourse covers multiple threats; in total, 34 themes (present in at least 4% of articles) have been identified. Second, the representation of cyber threats varies in specificity. While generic themes such as attack and warfare are mostly specified in terms of their modality, they sometimes are not, leaving the representation vague. Third, this study, given its general approach, provides insights into media representations of particular cyber threats. For example, this study finds the meaning of “hacking” in the media to be more diversified and nuanced than previously assumed (e.g. as simply meaning “computer break-in”). Fourth, newspaper coverage of cyber threats has changed over time, in both quantity (i.e. the amount of coverage has increased) and quality, as three general trends have been observed: the state-ification and militarization of threats (i.e. increased attention to, e.g. nations and warfare as threats), the organization-ification of threats (i.e. increased attention to, e.g. government agencies and companies as threats), and the diversification and hyping of threats (i.e. cumulatively more threats are added to the cybersecurity discourse, although attention to particular threats is sometimes restricted in time). Finally, parallel to coverage of particular topical events (e.g. the “I love you” virus), newspaper representations of cyber threats largely exemplify “amplification without the event,” i.e. threats are covered without linking them to topical events, as is otherwise typical of news reports. The findings in relation to previous studies of cybersecurity discourse and the implications for informal learning and threat perception are discussed.