Cybersecurity is daily news. Data leaks and hackers are common features in the media. We tend to look to the government when things go wrong: what is the government doing about it? In this special issue we also look to the government and ask ourselves whether we are ready for the challenges of cybersecurity. Asking this question is simple. Answering it, however, requires sophisticated knowledge. This includes knowledge about the technology of today and the future. It also includes knowledge about governance. Who should be prepared in the age of distributed responsibilities? Which public and private parties can enhance cybersecurity, including you and me? Finally, what is does ‘being prepared’ mean exactly? This special issue includes three academic articles, five interviews and a column. Cybersecurity is viewed from different academic perspectives and professional positions. In its entirety, this special issue provides state-of-the-art of academic and professional thinking on government cybersecurity.

In this article the case is made that, unjustly, there is a lack of interest in the topic of cybersecurity of on the part of public administration scholars and professionals in the topic of cybersecurity. ICT has become persistent in society and so has cybercrime, cyber sabotage and cyberespionage. The threats are real and growing. There is market failure and consequently there is a need for government intervention. This poses new challenges to governments as jurisdiction problems and sovereignty-issues arise, together with the dominance of private actors. The authors argue that a multistakeholder approach in such a networked environment is crucial but not sufficient. The concepts of Lessig and Thaler/Sunstein are used to sketch new and broader potential policy strategies.

The speed and disruptive character of digital innovations affect social structures and practices faster than institutions can keep up with them. This results in an ‘institutional void’, i.e. a gap between the rules and institutions and their ability and the effectiveness of their measures. It also affects the institutional stability that is the basis for the paradigm of collaboration-based types of governance. In this paper, we explore how parties are able to set up collaboration for digital security, which is inherently a topic that transcends organisational boundaries. Yet digital innovations constantly enable new challengers that might not share the same incentives for collaboration. Life in an institutional void is convenient for them and enables new business models. Hence, a key question is whether (institutionalised) collaboration is a sustainable model for addressing shared problems like digital security. We explore this question in the domain of financial cyber fraud. The new (regulatory) space currently being created for innovators suggests that the answer is ‘no’. It is too early to say how this will play out specifically and we argue for further research into the antecedents for collaboration in institutional voids.

A major issue confronting Dutch municipalities is that informal help is not being accepted. This concerns potential clients who avoid or are reluctant to ask for support that can be provided by friends, family, neighbours or volunteers. This phenomenon of non-acceptance is still underexplored and our theoretical understanding is fragmented at best. We explore various explanations for why people avoid seeking help, drawn from various and – until now – largely separate bodies of literature. From an extensive literature review across the disciplines of psychology, sociology and public administration, we distil four possible causes for refusing to accept help. We conclude with a discussion of the practical implications and possible future research avenues.

Government cybersecurity requires action from many public and private actors. Both collective knowledge and collective priority are needed to ensure cybersecurity at a government level. This makes collective learning essential. There is a system of arrangements that includes all kinds of governmental organisations and private parties. How can learning be stimulated in this system? And what is the need for steering here? This article provides answers to these questions, based on the contributions in this special issue. We conclude that both central control and self-regulation are essential to cybersecurity, even if they are in conflict. We coin the term ‘complimentary self-regulation’. We also conclude that many arrangements have been developed or are under development, however, it is difficult to institutionalise the coherence between these initiatives. There is a long road ahead in terms of gaining a collective understanding. Cybersecurity and its organisation will probably not vanish from the administrative agenda any time soon.

Cybersecurity is becoming increasingly vulnerable. DDos attacks, phishing e-mails, ransomware, Russian hacker attacks on the head office of a political party are all part of our daily online businesses, for governments too. Governments play various roles here. They are internet users and rely on information on the internet. They are also suppliers of online information and in these roles they are connected to citizens, companies and other governmental organisations. Because of the role they play in society, the government possesses huge quantities of – often sensitive – information. They have the legal and moral obligation to be careful with this information and to secure it properly. Providing adequate security for information, however, is not an easy task for governments, especially because they usually do not operate in isolation. What factors threaten the security of government information and the systems involved? And who is accountable for the security of the information chains that are becoming complex as a consequence of cooperation between organisations?

Regional networks are often used by the central government in the Netherlands as a way of translating national purposes into regional action. At the same time regional networks increasingly arise from the bottom up. In short, it gets busy in the region. This article describes research on regional networks encouraged by the national government to handle complex issues in the domain of education and the labor market. The central question of this article is the way in which stimulating regional cooperation can be used effectively by the central government. Thirteen networks are studied with the help of interviews, questionnaires and data from social networks. The research findings show that in these networks that are encouraged from the top down, there is a tension between achieving short-term results and building cooperative relations, and that a sense of urgency in the region is an important prerequisite for success. This calls for more bottom-up co-determination of the policy agenda and the pace. In addition, there appeared to be a strong overlap between seemingly separate networks, thematically as well as in terms of staffing, which again offers opportunities for creating synergy. The findings call for using these ‘meta networks’ in the formation of networks. Both notions lead to some strategies for the effective use of regional networks.