Out with the Old, In with the New: Examining National Cybersecurity Strategy Changes over Time

Abstract

The development and implementation of a national cybersecurity strategy (NCS) is becoming increasingly common for countries around the world that seek to define an approach for addressing their cybersecurity risks. Although past research has sought to classify the individual characteristics contained within an NCS, it remains unclear how the core content within a strategy evolves over time in the face of new cyber threats and fluctuating priorities. By better understanding such changes (and their underlying drivers), policy makers can be increasingly attuned to essential NCS updates and citizens can more readily evaluate the adequacy of their country’s plans. This study examines multiple NCS versions in Canada, the United Kingdom, and Australia using a qualitative, content analysis approach. Our results point to four core themes that characterize NCS stability and change over time. Based on our observations, we articulate several theoretical propositions and outline a plan for future research.