Self-promotion with a chance of warnings: Exploring Cybersecurity Communication Among Government Institutions on LinkedIn

Abstract

Knowledge about threats and countermeasures is essential for adequate protection in digital societies. Three government agencies from Germany (Federal Office for Information Security, BSI), the United Kingdom (National Cyber Security Centre, NCSC), and the United States (Cybersecurity and Infrastructure Security Agency, CISA) all have the legal mandate to inform the public about threats and countermeasures. However, no systematic analysis of their communication strategies has been conducted. To close this gap, we conducted an exploratory content analysis. We developed a LinkedIn crawler to download all posts from the three government agencies in 2023. Based on this data set, we did a high-level exploratory analysis of 2,410 posts. We analyzed length, engagement (i.e., number of likes, shares, comments), and media types used as attachments. Afterwards, for March, 188 posts were analyzed using the Protection Motivation Theory (PMT) as a theoretical, analytical framework for risk communication. We find that the NCSC used PMT elements the most and managed to do so while posting the shortest posts in comparison. We furthermore identified thematic differences between the authorities. For example, the NCSC most frequently publishes information on cybersecurity risks without a current reason, while the BSI, like the CISA, frequently communicates on (scientific) publications apart from its self-marketing.