The social contract theory meets cybersecurity: systematic literature review

Purpose - This study aims to provide a comprehensive overview of social contract theory (SCT) utilization in cybersecurity literature, elucidating the current state of research, identifying major applications and themes and highlighting gaps, particularly in empirical studies, and the integration of emerging technologies. The study also maps the contractual parties and governance tools discussed in SCT and cyberspace interactions. Design/methodology/approach - This study uses a systematic literature review to investigate the application of SCT within the cybersecurity domain. Using a mixed-methods approach that combines quantitative and qualitative content analysis with the Grounded Theory strategy, over 30,000 documents were initially screened. The final data set comprised 873 peer-reviewed papers from multiple databases. MAXQDA software facilitated coding and thematic analysis to identify key SCT applications, governance tools and research gaps. Findings - The review revealed the following: emerging technologies such as artificial intelligence (AI) and blockchain are sparsely researched within the SCT-cyberspace intersection, yet they offer solutions to various SCT-related issues; empirical studies are underrepresented, with theoretical explorations dominating the discourse; there is a notable gap in integrating emerging technologies such as AI within SCT frameworks; governance tools discussed are varied, including economic incentives, regulatory measures and informational strategies. Originality/value - This study synthesizes SCT applications in cybersecurity, highlighting the interdisciplinary nature and potential for richer theoretical integration. By systematically mapping the literature, it identifies crucial gaps and offers a foundation for future empirical and theoretical research. The findings emphasize the importance of considering traditional SCT themes and contemporary technological contexts, contributing to the development of more robust frameworks for cyberspace governance.