Collective action problems are social dilemmas in which individuals can achieve a positive outcome by cooperating but are unable to do it because of conflicting interests. Each of such problems can be addressed from different theoretical perspectives, the most common examples of which are realism, neoliberalism, and constructivism. The purpose of this paper is to study cybersecurity as a collective action problem and discuss how it is solved using the neoliberalist approach.
Cybersecurity is a global public concern, which has become particularly acute in recent years. It is defined as the protection of computer systems from theft, breach, information disclosure, or damage. In recent decades, hacks and security breaches have become increasingly widespread, causing a number of problems on the national and international levels and forcing businesses to spend large amounts of money on cybersecurity management (Bruijn and Janssen 1). Cyberattacks target users, organizations, and businesses in a variety of ways, making them implement a number of measures to protect their personal and financial data.
Cybersecurity is a collective action problem because it requires collaborative action and involves conflicting interests. Bruijn and Janssen define it as “a global phenomenon representing a complex socio-technical challenge for governments, but requiring the involvement of individuals” (1). The government, businesses, and individuals are all interested in the maximum level of protection but do not trust each other in the measures they take to address the issue.
Cybersecurity and Neoliberalism
Neoliberalism is a theory that is generally associated with the policies of economic and social liberalization aimed to increase the role of the private sector in society and the economy. It establishes “new political, economic, and social arrangements within society that emphasize market relations, re-tasking the role of the state, and individual responsibility” (Springer et al. 2). Neoliberalism is based on the liberal ideas of the 19th century, which are individualism, universalism, and melioration. Individuals acquire ontological priority over the collective; the economy is encouraged to expand towards the development of the world market; and humans are proclaimed to have the potential to improve and remake themselves (Springer et al. 19). In neoliberalism, these ideas are believed to be the key to extending competitive markets into all areas of life.
From the neoliberalist perspective, individual responsibility is considered to be the key to solving collective action problems. In regard to cybersecurity, it means that citizens are “responsibilized” to take actions to protect their own sensitive information (Renaud et al., “Is the Responsibilization” 198). Most governments adopt a minimal cyber-related intervention stance in supporting their citizens, only focusing on publishing cyber-related policies and relegating the task of managing cyberattacks to individual citizens and companies (Renaud et al., “Cyber Security Responsibilization” 577). Each business and individual basically takes their own measures to protect their data, relying on their own research and technological capabilities. The government only advises citizens how to take care of themselves and leaves them to face the consequences if they choose not to follow the advice. This approach allows society to avoid centralized regulation along with the connected risks and dangers, increase the technological literacy of the population, and timely address new cyberthreats.
Arguments Against the Neoliberalist Approach
The neoliberalist approach to cybersecurity has a number of disadvantages. First, it does not take into account that cybersecurity is a field which requires a level of technical expertise that is relatively rare in the general population. The task of securing personal systems and devices is too challenging for untrained individuals, and they need support, expertise, and technical resources provided by businesses and governments (Renaud et al., “Is the Responsibilization” 203). Second, if an individual or a business fails to secure their data, it quickly becomes a public issue that requires collective decision making. It makes it necessary for the state to develop risk regulation systems and supportive infrastructure (Renaud et al., “Is the Responsibilization” 200). Some scholars believe that the responsibilization of cybersecurity contributes to the global success of cyberattacks (Renaud et al., “Is the Responsibilization” 198). It is generally considered that the government needs to adopt a more active role, withdrawing from the neoliberalist perspective.
Cybersecurity is an issue that requires collective actions from the government, businesses, and individuals. Over the recent years, the neoliberalist approach to the problem was adopted by many countries, which places the focus on individual responsibility when taking cybersecurity measures. The government only provides citizens with the policies, and it is the decision of each company and individual to follow or neglect them. The advantages of this approach are the advancement of technologies and an increase in the technological literacy of the population, along with the absence of centralized regulations. The disadvantages are the lack of consideration for some individuals’ inability to protect themselves, and the collective responsibility for the consequences of responsibilization failures. Overall, it can be concluded that although the neoliberalist approach to cybersecurity is generally effective, it needs some changes to more adequately address the security challenges faced by modern society.
Bruijn, Hans, and Marijn Janssen. “Building Cybersecurity Awareness: The Need for Evidence-Based Framing Strategies,” Government Information Quarterly, vol. 34, no. 1, 2017, pp. 1–7.
Renaud, Karen, et al. “Cyber Security Responsibilization: An Evaluation of the Intervention Approaches Adopted by the Five Eyes Countries and China.” Public Administration Review, vol. 80, no. 4, 2020, pp. 577–589.
“Is the Responsibilization of the Cyber Security Risk Reasonable and Judicious?” Computer & Security, vol. 78, 2018, pp. 198–211.
Springer, Simon, et al. Handbook of Neoliberalism. Taylor & Francis, 2016.