Governing cybersecurity risks from digital trade is a growing responsibility for governments and corporations. This study develops a systematic framework to delineate and analyze the strategies that governments and corporations take to address cybersecurity risks from digital trade. It maps out the current landscape based on a collection of 75 cases where governments and corporations interact to govern transnational cybersecurity risks. This study reveals that: first, governing cybersecurity risks from digital trade is a global issue whereby most governments implement policies with concerning that the cybersecurity risks embedded within purchasing transnational digital products can influence their domestic political and societal systems. Second, governments dominates the governance interactions by implementing trade policies whereas corporations simply comply. Corporations do, however, have chances to take more active roles in constructing the governance system. Third, supply chain cybersecurity risks have more significant impacts on governance mode between governments and corporations whereas concerns on different national cybersecurity risks do not. Fourth, the interactions between governments and corporations reveal the exisitence of loops that can amplify or reduce cybersecurity risks. This provides policy implications on transnational cybersecurity governance for policy makers and business leaders to consider their potential options and understand the global digital trade environment when cybersecurity and digital trade overlap.
Policy Implication
- The governance of cybersecurity risks from digital trade is genuinely a global governance issue. Understanding cybersecurity within digital trade is no longer just an option, but a must, for policy makers and business leaders.
- Governments mostly take actions as buyers regarding cybersecurity risks from digital trade, with a primary focus on their domestic political and societal system, while they can be lacking the capability to mitigate such risks. Facilitating the cybersecurity capability building is an essential task that the international community should promote.
- The governance practices are diverse, with a mainstream pattern where governments implement import-related trade policies and corporations take reactive actions. However, corporations have opportunities to shape the cybersecurity governance mode. Therefore, developing platforms effectively engaging both governments and corporations should be the operational bias for the global cybersecurity governance schema construction.
- Different national cybersecurity risks do not significantly impact digital trade governance for cybersecurity, while the supply chain cybersecurity risks do. Hence, when considering the global cybersecurity governance, the community should pay more attention to the supply chain cybersecurity risk management perspective.
- The interactions between governments and corporations can amplify or reduce the cybersecurity risks from digital trade, with the cyber trade norms development platform and corporate responsibility commitment mechanisms playing critical gateway roles to shape the direction. Hence, it is valuable to distinguish adopted, negotiable, or conflicting cyber trade norms to guide the cyber trade norm development, and investigate how corporations design their strategies and take a more active role to depoliticize the transnational cybersecurity risks.