Stockholm university logo, link to start page

Sarah BackmanPhD student

About me

Sarah specializes in International Relations and cybersecurity. Her research focus on topics such as international cybersecurity governance, large-scale cyber incidents and the securitization of cyberspace. Her doctoral thesis "Making sense of large-scale cyber incidents: international cybersecurity beyond threat-based security perspectives" explores how theoretical lenses drawn from the securitization, riskification, crisis and socio-technical systems literatures can improve our understanding of large-scale cyber incidents, and how such incidents are interpreted by key actors. The thesis contributes to our understanding of how cyber is constructed as a security problem in theory and practise, and employs analytical approaches which facilitate the exploration of international cybersecurity along more than just traditional 'hard' security lines.


A selection from Stockholm University publication database

  • The European Union's capacities for managing crises

    2018. Sarah Backman, Mark Rhinard. Journal of Contingencies and Crisis Management 26 (2), 261-271


    This article draws on a comprehensive new data set of crisis management capacities at the European Union level to highlight key patterns in their development and use. Organised within the categories of detection, sense-making, decision-making, coordination, meaning-making, communication, and accountability, the data show considerable accumulation of capacities in detection and sense-making, while decision-making capacities lag behind. We find that most capacities are sector-oriented rather than cross-sectoral, and reside primarily within the European Commission rather than other EU institutions. Comparing the data to previous studies, we note that capacities overall are increasing and some are undergoing evolution; for example, horizon-scanning tools once limited to collecting information have increasingly been given an analytical, information enrichment function akin to sense-making.

    Read more about The European Union's capacities for managing crises
  • Risk vs. threat-based cybersecurity: the case of the EU

    2023. Sarah Backman. European Security 32 (1), 85-103


    In a relatively short time, cybersecurity has risen to become one of the EU's security priorities. While the institutionalisation of EU-level cybersecurity capacities has been substantial since the first EU cybersecurity strategy was published, previous research has also identified resistance from member states to allow the EU to have more control over their cybersecurity activities. Despite a growing literature on EU cybersecurity governance, there are currently extensive gaps in the understanding of this tension. This study suggests that an explanatory factor can be found in the so-far overlooked dynamic of the relative prevalence of risk vs. threat-based security logics in the EU cybersecurity approach. By distinguishing between risk and threat-based logics in the development of the EU cybersecurity discourse over time, this study highlights a shift towards an increasing threat-based security logic in the EU cybersecurity approach. The identified development highlights securitising moves enacting to a larger extent than before objects and subjects of security traditionally associated with national security. The study identifies specific areas of member state contestation accompanying this shift and concludes with a discussion on the findings in relation to the development of the EU as a security actor in the wider international cybersecurity landscape.

    Read more about Risk vs. threat-based cybersecurity

Show all publications by Sarah Backman at Stockholm University