ECPR

Install the app

Install this application on your home screen for quick and easy access when you’re on the go.

Just tap Share then “Add to Home Screen”

ECPR

Install the app

Install this application on your home screen for quick and easy access when you’re on the go.

Just tap Share then “Add to Home Screen”

The new EU Cybersecurity Strategy and the fight against cybercrime in times of COVID-19: a result of policy learning (2013-2020)?

European Union
Security
Policy Change
Policy Implementation
Isabel Camisão
Research Center in Political Science (CICP) – UMinho/UÉvora
Ana Brandao
Research Center in Political Science (CICP) – UMinho/UÉvora
Isabel Camisão
Research Center in Political Science (CICP) – UMinho/UÉvora

Abstract

In February 2013 the European Union adopted the first comprehensive EU Cybersecurity Strategy. Since then, the cybersecurity threat landscape rapidly evolved. The salience of the so-called hybrid threats significantly increased. What is more, the COVID-19 pandemic and the confinement measures adopted by governments to stop the spread of the virus critically accelerated digitalization, resulting in a well-documented rise of cybercrime. In December 2020, the European Commission and the High Representative presented a new EU Cybersecurity Strategy for the Digital Decade, designed to bolster Europe’s collective resilience against cyber threats. Focusing specifically on the cybercrime dimension, this paper has two interrelated goals: to assess the success of the 2013 Cybersecurity Strategy and to verify if the changes introduced by the new Cybersecurity Strategy are a result of policy learning. Drawing on theoretical insights from the literature on policy evaluation (e.g. Bovens and ‘t Hart, 1996; 2016; Bovens, ‘t Hart and Kuipers, 2008; McConnell, 2010) and on policy learning (e.g. Hall, 1993; Bennett and Howlett, 1992; Howlett, 2012; Dunlop, Radaelli and Trein, 2018), our goal is to answer two main research questions: How successful was the 2013 Cybersecurity Strategy in tackling cybercrime? Are the changes introduced by the new Cybersecurity Strategy to deal with cybercrime a result of policy learning?