ABSTRACT The accelerated digitalisation of society has amplified cybersecurity threats and revealed their cross‐sectoral nature. Yet, the policy instruments used to address these challenges remain insufficiently examined. This study conducts a scoping review of 980 academic articles (2007–2024) and applies Hood's NATO framework (Nodality, Authority, Treasure, Organisation) to map how cybersecurity policy instruments are deployed and combined. The analysis identifies emerging thematic domains and shows that governance approaches are multi‐instrumental, sector‐specific, and evolving. It highlights differences in reliance on informational, regulatory, financial, and operational tools, as well as patterns in their combination. These findings underscore the need for coordinated policy mixes that respond to both digital risks and institutional contexts. Advancing a Whole‐of‐Government (WoG) perspective, the study shows that a holistic, cross‐sectoral integration of tools can tackle the cybersecurity's technical complexity while accounting for human and organisational factors. By offering a novel framework for analysing instrument configurations, the article contributes to more adaptive and integrated cybersecurity governance strategies.
Cotta et al. (Mon,) studied this question.