Cyber security responsibilization: an evaluation of the intervention approaches adopted by the Five Eyes countries and China

Governments can intervene to a greater or lesser extent in managing the risks their citizens face. They can adopt a maximal intervention approach (e.g. COVID-19) or a handsoff approach, effectively “responsibilizing” their citizens (e.g. unemployment). To manage the cyber risk, governments publish cyber-related policies. The question that we wanted to answer was: “What intervention stances do governments adopt in supporting individual citizens managing their personal cyber risk?” We pinpointed the cyber-related responsibilities that several governments espoused, applying a “responsibilization” analysis. We identified those that applied to citizens, and thereby revealed their cyber-related intervention stances. Our analysis revealed that most governments adopt a minimal cyber-related intervention stance in supporting their individual citizens. Given the increasing number of successful cyber attacks on individuals, it seems time for the consequences of this stance to be acknowledged and reconsidered. We argue that governments should support individual citizens more effectively in dealing with cyber threats.