How regime types shape internet governance effectiveness in cybersecurity: A cross-country study

This study addresses a critical challenge in public policy: how governments can effectively manage cybersecurity risks that arise from collective action problems in an era of increasing digital threats. Internet governance presents a fundamental collective action dilemma where organizations systematically underinvest in security measures because costs are internalized while benefits accrue primarily to third parties. Focusing on Distributed Denial of Service (DDoS) amplification vulnerabilities as a key indicator of national cybersecurity posture, we examine how political institutions shape the effectiveness of collective action solutions across 76 countries (2014-2020). Our findings reveal that internet governance is fundamentally regime-dependent, with profound implications for public administration and policy design. In democratic regimes, we identify a “Democratic Prosperity Paradox”: higher economic development paradoxically intensifies collective action failures. As GDP increases, organizations face higher opportunity costs for security investments, leading them to rationally underinvest in protective measures whose benefits accrue primarily to others. This creates a persistent collective action challenge that market-based governance alone cannot resolve. In autocratic regimes, we uncover a “State Capacity Effect”: governments with greater fiscal resources possess the means to solve collective action problems through coercion, yet exhibit higher amplification vulnerability, a pattern consistent with governance priorities that subordinate network security to surveillance and political control objectives. These findings challenge conventional theories linking state capacity to public goods provision and show that authoritarian governance priorities are associated with systematically higher cybersecurity vulnerability. Taken together, these results have important policy implications for government decision-makers, demonstrating that effective internet governance requires matching collective action solutions to regime-specific institutional contexts rather than applying one-size-fits-all strategies. The study contributes to public policy scholarship by advancing collective action theory to show how identical governance mechanisms produce divergent outcomes across regime types, offering a framework for designing regime-sensitive approaches to cybersecurity policy and international cooperation.