The GCSCC has a growing body of quantitative cross-national comparative research on impact of cybersecurity capacity building. Two of the most recent papers are available open access.
Cybersecurity capacity-building: cross-national benefits and international divides
The first paper is based on field research from 73 nations and (1) describes the status of capacity-building across the nations with multidimensional data collected from the deployment of the Cybersecurity Capacity Maturity Model for Nations (CMM); (2) determines the impact of capacity-building on national indicators related to ICT use by the government, businesses, and individuals, and the citizens’ perceptions of their freedom of expression; and (3) explores the factors that are shaping national advances in capacity-building considering the wealth of nations and their Internet scale and centrality. The analysis finds that the level of capacity-building in most nations is at the very early stages of development, but had a strong, statistically significant and positive effect on overall use of ICT and on the citizens’ perceptions of their voice and accountability. However, the findings identified a digital divide in capacity-building, with incremental differences in capacity tied to the wealth of nations. The findings provide empirical support to national and international efforts aimed at building cybersecurity capacity. See: Creese, S., Dutton, W.H., Esteve-González, P., and Shillair, R. 2021. Cybersecurity Capacity Building: Cross-National Benefits and International Divides. Journal of Cyber Policy, 6(2): 214-235. See: https://www.tandfonline.com/doi/full/10.1080/23738871.2021.1979617
The social and cultural shaping of cybersecurity capacity building: a comparative study of nations and regions
The second paper presents an empirical study of the social and cultural aspects of cybersecurity capacity building with original data from the application of the Cybersecurity maturity Model for Nations (CMM), also in 78 countries. We found that countries in Europe and Latin American and the Caribbean were, on average, statistically more mature on cultural and social aspects of cybersecurity than the sample countries in other regions. However, these regional differences became statistically insignificant when controlling for variables related to the scale of countries (indicated by their number of internet users and total population) and their development (indicated by their percentage of internet users, GDP per capita, years of democracy, control of corruption, and regulatory quality). The findings of this study therefore emphasize the impact of national development in contrast to any social and cultural breaking effect that might be anchored in regions of the world. See: Creese S., Dutton W.H., and Esteve-González P. 2021. The Social and Cultural Shaping of Cybersecurity Capacity Building: A Comparative Study of Nations and Regions. Personal and Ubiquitous Computing, 25: 941-955. https://doi.org/10.1007/s00779-021-01569-6.
These papers build on previous work, including: Dutton, W. H., Creese, S., Shillair, R., and Bada, M. (2019). Cyber Security Capacity: Does It Matter? Journal of Information Policy, 9: 280-306. doi:10.5325/jinfopoli.9.2019.0280
For a full list of GCSCC publications, follow this link: Publications | Global Cyber Security Capacity Centre
