Carmichael, Logan2025-09-032025-09-032025-08-13https://doi.org/10.14763/2025.3.2028https://hdl.handle.net/10062/115613As governments across the world increasingly undergo digitalisation processes, ensuring cybersecurity of these provisions cannot be 100% guaranteed. How, then, can governments best respond to a cybersecurity crisis in order to bolster cybersecurity in the future? Even Estonia, one of the earliest and most pervasive examples of e-governance globally, has not been without cybersecurity crises. Using four key Estonian examples, this paper examines the components of government decision-making in the aftermath of cybersecurity crises, which aim to bolster future cybersecurity. Three key approaches emerged from the crises examined: 1) decision-making is derived from prior knowledge and experience; 2) communications around cybersecurity crises is clear, coordinated, and transparent; and 3) innovation and planning should take place in times of non-crisis, as crises often expedite decision-making. Ultimately, this paper offers insight into how governments can make decisions following cybersecurity crises, in contexts beyond Estonia, as they undergo digitalisation processes and increasingly face cyberattacks.enAttribution-NonCommercial-NoDerivs 3.0 Estoniahttp://creativecommons.org/licenses/by-nc-nd/3.0/ee/Cybersecurity governanceE-governanceEstoniaCrisis managementCybersecurity managemente-valitsemineEestiküberturvalisuse valitseminekriisijuhtimineküberturvalisuse juhtimineinfo:eu-repo/semantics/article