Abstract Why do some states become persistent practitioners of offensive cyber operations while others remain occasional attackers? I develop a theory of persistence in cyber statecraft, arguing that sustained cyber offense arises only after states surpass substantial fixed costs and material capability thresholds. Once offensive cyber units are institutionalized within a state’s security apparatus and their strategic utility becomes evident, these operations evolve into enduring features of national strategy. Using a cross-national panel (2000–2020) of state-linked cyber incidents, I find that the likelihood of entering persistent offensive activity remains low among low- and mid-capability states but rises sharply for highly capable ones. Moreover, once states cross this persistence threshold, they are significantly less likely to exit. Neither trade openness nor leader longevity reliably predicts persistence, suggesting that even globally integrated or stable regimes sustain covert cyber campaigns when capacity and incentives align. These findings challenge the assumption that any state can readily engage in strategic cyber conflict, showing instead that persistent state-sponsored cyber operations are the product of elite states that make deliberate, long-term investments in cyber capability, and institutional integration.
William Akoto (Mon,) studied this question.