National cyber crisis management: Different European approaches

Cyber crises, as new forms of transboundary crises, pose serious risks to societies. This article investigates how different models of public–private partnerships shape cyber crisis management in four European countries: the Netherlands, Denmark, Estonia, and the Czech Republic. Using Provan and Kenis's modes of network governance, an initial taxonomy of cyber governance structures is provided. The Netherlands have created a participant‐governed network, characterized by trust and equality. The Czech and Estonian models resemble a network administrative organization, with an enforcement role for their national cyber security centers. Denmark has adopted a lead‐agency model. The article concludes that countries face two binary choices when organizing cyber defense and crisis management. First, national computer emergency response teams/computer security incident response teams can be embedded inside or outside the intelligence community. Second, cyber capacity can be centralized in one unit or spread across different sectors. These decisions fundamentally shape information‐sharing arrangements and potential roles during cyber crises.