As cybersecurity challenges have multiplied across society, there is increasing confusion about how those challenges should be addressed. For many years, computer security was the preserve of a small cadre within the IT profession: in most cases, limited to a few individuals in banks and those concerned with National Security. It now seems to be widely accepted that this narrow perspective is simplistic and inadequate, because it fails to address some of the biggest problems. And yet a vision of cybersecurity as “everyone's problem” seems equally untenable. Many people are simply not equipped to make meaningful decisions relating to this topic, whether in their private or professional lives.
In addressing contemporary cybersecurity challenges, “responsibility paradox” has therefore emerged: while it is now widely acknowledged that cybersecurity extends beyond the purview of IT departments, others often fail to embrace further leadership on the issue. This paper by Andrew Martin and Jamie Collier explains the importance of involving an eclectic range of disciplines, organizations, and skill sets in addressing cybersecurity challenges. Acknowledging the impracticalities of everyone becoming a “cybersecurity expert,” the paper discusses practical measures for overcoming skill gaps. The empirical focus of the paper is on EU cybersecurity policy, with special attention to Estonian and regional efforts that seek to facilitate collaboration between diverse disciplines and to improve security practices.