Nadiya Kostyuk (University of Michigan, Ann Arbor)
Abstract: One of the most important developments of the last two decades has been the spread of national cybersecurity policies that affect millions of people globally. Yet, researchers know relatively little about this phenomenon. I study cybersecurity policy diffusion as a two-stage process. Using a survival model, I demonstrate that a country's choice to adopt a cybersecurity policy is partially driven by the adoption of a similar policy by the country's neighbors---defined by geography, trade, or group membership. Then, using text analysis techniques, I study how much similarity exists between more recently adopted policies and policies in early-adopter neighboring countries. I show that the extent to which policymakers reinvent cybersecurity policies depends on the resources available to them, which are often determined by a country's threat environment, and by their linguistic and cultural proximity to the country early-adopter neighbors. As evidence, I gather a new cross-sectional time-series dataset of official cybersecurity policies from 1998 and 2018. My finding that similar factors drive policy adoption and policy content has important policy implications.