Experts and Markets in Cybersecurity: On Definitional Power and the Organization of Cyber Risks

Johann Ole Willers

Research output: Book/ReportPh.D. thesisResearch

112 Downloads (Pure)

Abstract

As the digitalization of economies and societies has become seemingly all-encompassing, the governance of cyber risks has evolved into an issue of strategic importance across public and private organizations. Struggling to develop effective responses to this new type of risk, decision-makers operate in an environment of epistemic uncertainty and interdependence. Statements about risks that emanate through cyberspace are not simply representations of objective and observable phenomena. Instead, the diagnosis of cyber risks involves interpretations and judgments. As such, the politics of cyber risk opens the door for professional contestation and competition. How such authoritative understandings are produced is a recurrent concern throughout the separate parts of this dissertation. Concurrently, authoritative understandings of cyber risk demarcate policy options and drive the organization of cybersecurity more generally. As such, processes of diagnosis and treatment are closely entangled. Addressing the definition and organization of cyber risks as interrelated phenomena, I draw on insights from International Relations theory, the Sociology of Risk, the Sociology of Professions, and Science and Technology Studies to advance an analytical framework of embedded social action. In doing so, I highlight the critical role of private actors in shaping the parameters of cyber risk governance across jurisdictional and sectoral domains. This is not to suggest that public actors are irrelevant to these processes. Rather, I underscore how the dual condition of epistemic uncertainty and interdependence has de-monopolized public claims to authority and rendered the functional separation of actor-types on the basis of public-private dichotomies less useful. Experts act as managers of uncertainty and mobilize their claims to authority not only through formal interaction with the state, but through markets and market-like settings. I illustrate variations of this argument across four case studies. First, I emphasize the ambiguous character expert profiles through an analysis of expert committees in Denmark. Second, I document how private actors assert authority over transnational cyber risk issues through skillful framing, alliance-building, and the early mobilization of organizational resources. Third, I explore how representations of cyber risk are inscribed into calculative infrastructures. For this, I turn to an analysis of the cyber risk insurance industry. The final case zooms in on the market for surveillance and intrusion products to illustrate how private actors operate within environments that are enmeshed in geopolitical dynamics and forms of weaponized interdependence.
Original languageEnglish
Place of PublicationFrederiksberg
PublisherCopenhagen Business School [Phd]
Number of pages209
ISBN (Print)9788775680474
ISBN (Electronic)9788775680481
Publication statusPublished - 2021
SeriesPhD Series
Number35.2021
ISSN0906-6934

Cite this