The Democratic Peace in Cyberspace
Democratic Dyads Fight Less – But What About Cyberattacks?
This article investigates whether the pacifying effects of the democratic and capitalist peace theories extend to state-sponsored hostilities in cyberspace. Utilizing the European Repository of Cyber Incidents (EuRepoC) dataset spanning 2002 to 2024, the study analyses dyadic conflict behaviour through logistic regression models equipped with temporal splines and lagged independent variables. The quantitative analysis reveals robust support for a democratic cyber peace, demonstrating that dyads with higher baseline democracy scores experience a significantly lower risk of mutual cyberattacks. Conversely, evidence for the capitalist peace is less robust, while traditional drivers of kinetic conflict—such as geographic proximity, major power involvement, and ongoing physical disputes—are shown to increase the likelihood of digital hostilities. Ultimately, these findings confirm that established international relations paradigms can effectively explain state behaviour in the digital realm, despite persistent data limitations regarding incident attribution and under-reporting.
All modern-day conflicts have some form of digital component and most kinetic conflicts are accompanied by hostilities in cyberspace. Whether it be hacktivists supporting their preferred side, or nation-state threat actors, the cyber realm is too tightly integrated in modern life to not be affected by traditional conflicts. For this reason, this article examines the question: Do kinetic disputes and cyberattacks follow similar dynamics?
Researchers have long known that democracies rarely if ever fight other democracies. The so-called “democratic peace” is well-established in scientific literature. However, some argue that it is actually capitalism / economic liberalism that leads to peace, not democracy. I will not weigh in on this debate but I will test whether the statistical models supporting both research programs also show similar results for cyberattacks. To put it in simple terms: We know that democracies do not fight other democracies – but does this restraint extend to cyberspace?
To explore this question, I will use the most recent version of the European Repository of Cyber Incidents (EuRepoC) and combine it with data about military spending, GDP per capita, military alliances, economic freedom indicators, measures of democracy, and other well-established control variables. I will use logistic regression models to analyse the data. While this article is not a scientific paper, it mostly follows scientific best practices and methods. My goal is to provide a quantitative dive into the fascinating world of nation-state cyberattacks and the attributes that make dyads (pairs of states) more or less likely to experience cyber hostilities.
For those, who are only interested in results, I advise you to skip to section 5. For the more scientifically minded, I will continue with a brief overview of some core literature concerning the democratic and capitalist peace research programs.
One of the seminal papers that helped to establish the democratic peace as a research paradigm was published by Oneal and Russett (1999). They tested Realist theories and Kantian principles to discover that democratic dyads are less likely to experience disputes compared with more autocratic dyads. The most well-known criticism of this research stems from Gartzke (2007). He argued that “democracy cohabitates with peace” (p. 167) but it is actually liberal economic processes that cause peace. His theoretical reasoning is that, first, states have less need to go to war over certain resources if they can simply trade for them. Second, as states become more developed, the importance of land and mineral resources declines compared to intellectual and financial capital. Third, developed countries often share cultural and social bonds. In Gartzke and Hewitt (2010), similar mechanisms are discussed and they find that free markets, economic development, and similar interests lead to peace, but not democracy. Mousseau (2010) also finds support for the capitalist peace. Gartzke and Weisiger (2013) took a systemic view and argued that conflict among democracies is scarce when there are few democracies in the international system. However, if there are more and more democracies, their preferences diverge and they have less need to band together. The democratic peace is, thus, conditional on the wider system. One year later, Gartzke and Weisiger (2014) strengthened their case by providing evidence that systemic peace is not linked to a more democratic world but instead to a more developed world.
Several authors sharply criticised the capitalist peace research, often citing methodological mistakes. Dafoe (2011), for example, noted that Gartzke’s 2007 paper mistakenly omitted observations, incorrectly implemented temporal splines, and used regional dummy variables as controls without sufficient justification. Choi (2011) waged similar criticisms and found that the democratic peace remains robust when correctly specifying the statistical models. Choi (2016) also criticised Gartzke and Weisiger’s research, finding a robust and substantive effect of democracy on peace. Further, Schrodt (2004) pointed out that arguments against the democratic peace have to rely on complex statistical and “esoteric” reasoning. In contrast, arguments against the capitalist peace can point to specific wars that involved economically liberal opponents.
Very little research has explored the impact of capitalism or democracy on cyber hostilities. Hunter, Craig, Garrett, and Rutland (2022) examined the impact of regime type on cyber conflict. Using both a monadic and a dyadic research design, they found that authoritarian states are more likely to initiate cyberattacks than more democratic states. When democracies do conduct cyber attacks, they rarely target other democracies. Notably, Hunter et al. (2022) built somewhat unconventional statistical models in the context of democratic peace research. They included multiple unconventional control variables (e.g. inflation or battlefield deaths per state-year) and discarded commonly-used variables such as geographic proximity, military alliances, capability ratios, etc. This means that their results cannot be compared to the mainstream democratic peace literature. Geiger (2021) found that democracy and economic freedom are linked to peace in cyberspace. This is my own research, which I am re-testing in this article using more and better data. State-sponsored cyberattacks are still a relatively new phenomenon (the first coded incident in the EuRepoC dataset was in 2002), so every additional year of high-quality data makes a significant difference in the reliability of statistical results.
Cyberattacks are different from kinetic attacks. They are difficult to attribute and less likely to be seen as an acts of war. Also, most state-sponsored cyberattacks are means of collecting intelligence rather than inflicting damage. Nonetheless, it is likely that cyber attacks will follow similar patterns as traditional disputes. After all, cyberattacks still present a form of hostility and can sour a bilateral relationship. It is not uncommon for ambassadors to be summoned following the discovery of a cyber attack, such as in 2025 when the German government summoned the Russian ambassador over Russia’s breach of Germany’s Air Traffic Control (Tagesschau, 2025). Also, cyberattacks are frequently used within the context of traditional conflicts or they are used for signalling when tensions between two states are running high. I will test two hypotheses to discover how similar/dissimilar the onset of cyber hostilities is compared with traditional conflict.
H1: More democratic state dyads are less likely to experience cyber attacks.
H2: More economically liberal state dyads are less likely to experience cyber attacks.
It should be noted that the substantive impact of regime type and economic liberalism are likely smaller in cyberspace. The reason is that cyber attacks can sour bilateral relations but much less so than kinetic military confrontations do. Cyberattacks may lead to sanctions or diplomatic tensions but they have not by themselves led to a declaration of war or a total breakdown of relations between any two states. The risk of using cyberattacks, even against friendly nations, is much lower compared with military force. Therefore, it should be expected that restraining factors also carry less weight in cyberspace than they do in other domains.
To test the two hypotheses, I use the EuRepoC dataset (Zettl-Schabath et al., 2025). The unit of observation is dyad-year, so I have one row for each pair of states and each year. I filter the EuRepoC dataset to only include state-sponsored cyberattacks and exclude any unattributed or criminal attacks. Naturally, the number of unreported cyber attacks is much higher than what is recorded in this dataset but there is no truly reliable way of studying the unknown. The dataset includes cyberattacks spanning the years from 2002 to 2024. The dependent variable is binary, taking on a 1 for years in which a particular interstate dyad experienced one or more cyberattacks.
To test H1, I use Democracy(LOW), which codes the democracy level of the less-democratic state. The reason is that conflict is assumed to be driven mostly by the less-restrained state. This is the so-called “weak link” assumption (Oneal & Russett, 1999). Most research has used Polity scores but I opt for the Electoral Democracy Index from the “V-Dem” Varieties of Democracy Project (Coppedge, 2025). The reason is that V-Dem offers full coverage of the observation period, whereas Polity ends coverage in 2018.
To measure H2 and how capitalist or economically free a state is, I use the Index of Economic Freedom, provided by the Heritage Foundation (2025). The variable EconomicFreedom(LOW) also follows the weak-link assumption that the less restrained state would be the main driver of hostilities.
For control variables, I follow much of the democratic and capitalist peace literature. The first is GDP per capita, taken from the World Bank’s (2026) World Development Indicators. I use the natural log of this variable due to its heavy right skew and, again, use the lower of the two country scores, so the variable is log_GDPpc(LOW). This variable is important because a country’s development may impact its likelihood of using cyberattacks as a tool of statecraft. Next, the political distance between both states is included Democracy(DIST) and denotes the mathematical difference in democracy scores for each dyad. This is a standard control as larger political distances between states have often been found to increase conflict. The variable MajorPower is a dummy denoting the presence of a major power in the dyad. The coding follows the Correlates of War Project (2025). It has often been observed that major powers are more likely to be involved in disputes, so including this variable is a literature standard. Another dummy variable is Alliance, denoting whether the two states in a dyad are in a military alliance or not. Data is taken from Gibler (2009). There has been some controversy in the literature whether alliances actually reduce the likelihood of war but Choi (2025) finds that alliances have a measurable impact, so I include this control variable. Another standard control is the ratio of military capabilities, which I proxy by using military expenditure in constant USD (SIPRI, 2026). The variable is log_MilEx(DIST) denoting the absolute difference in military spending between both countries in a dyad. As with GDP per capita, I use the natural log of this variable. The variable KineticConflict is uncommon in similar research as it is usually used as the dependent variable. However, as the presence of a kinetic conflict likely increases the risk for cyberattacks, I will test the statistical impact of adding this variable as a control. The data is taken from the Uppsala Conflict Data Program (Davies, Pettersson, Sollenberg & Ödberg, 2025). Finally, the variable SharedRegion denotes whether or not both states are located in the same geographic region. This is also taken from V-Dem (Coppedge, 2025). Here, I deviate from the norm as most researchers use direct contiguity (shared borders) or the distance between state capitals. However, as cyber attacks do not depend on direct geographic proximity a shared border should matter less. Still, states are more likely to have conflicts of interests with states nearby rather than with states halfway around the globe. Therefore, I code for geographic regions instead of direct proximity or capital distance.
As the dependent variable is binary, I will run a logistic regression, including temporal splines (Beck, Katz & Tucker, 1998) and a one-year lag of the independent variables to prevent endogeneity and reverse causality (Oneal & Russett, 1999; Gartzke & Weisiger, 2013; Choi, 2024).
The dataset contains about 450.000 observations, out of which 681 dyad-years experienced one or more cyber attacks. Due to missing values, a portion of these observations are not usable in logistic regression and get dropped. I ran four main models with slightly different specifications. Model 1 includes only the main variables, Democracy(LOW), Democracy(DIST) and EconomicFreedom(LOW) along with temporal splines. The data is restricted to relevant dyads only. Relevant dyads are defined as those that share a geographic region or that include at least one major power. This is common practice and makes theoretical sense (Choi, 2011; Oneal & Russett, 1999) but reduces the number of dyad-years that experienced a cyberattack down to 545. Model 2 adds in control variables to understand their effect on the examined relationship. Model 3 is functionally identical to model 2 but drops the restriction to relevant dyads. This significantly increases the amount of observations for this model. It is not clear that the concept of relevant dyads applies to cyber attacks in equal measure as to conventional disputes. Geographic proximity, for example, has little meaning in cyberspace. Therefore, I will focus on models 3 and 4, which are run on the full set of dyads. Finally, model 4 adds a control for kinetic conflict within a dyad. Table 1 displays the regression coefficients.
| Dependent variable: | ||||
| Cyberattack(DUMMY) | ||||
| (1) | (2) | (3) | (4) | |
| Democracy(LOW) | -5.319*** | -5.740*** | -5.899*** | -5.981*** |
| (0.466) | (0.399) | (0.377) | (0.383) | |
| EconomicFreedom(LOW) | -0.006 | -0.006* | -0.020*** | -0.021*** |
| (0.004) | (0.004) | (0.003) | (0.003) | |
| Democracy(DIST) | 1.162*** | -0.350* | -0.509*** | -0.523*** |
| (0.167) | (0.188) | (0.167) | (0.168) | |
| log_GDPpc(LOW) | 0.471*** | 0.545*** | 0.563*** | |
| (0.043) | (0.038) | (0.038) | ||
| log_MilEx(DIST) | 0.175*** | 0.187*** | 0.180*** | |
| (0.019) | (0.016) | (0.015) | ||
| SharedRegion | 1.124*** | 1.442*** | 1.375*** | |
| (0.164) | (0.123) | (0.125) | ||
| MajorPower | 1.635*** | 2.254*** | 2.332*** | |
| (0.219) | (0.110) | (0.110) | ||
| Alliance | 0.016 | 0.051 | 0.080 | |
| (0.189) | (0.186) | (0.187) | ||
| KineticConflict | 5.027*** | |||
| (0.469) | ||||
| TemporalSpline1 | -2.510*** | -2.526*** | -2.606*** | -2.560*** |
| (0.241) | (0.251) | (0.223) | (0.224) | |
| TemporalSpline2 | -1.980*** | -1.789*** | -1.572*** | -1.489*** |
| (0.288) | (0.293) | (0.227) | (0.227) | |
| TemporalSpline3 | -6.967*** | -5.886*** | -5.854*** | -5.591*** |
| (0.335) | (0.331) | (0.300) | (0.301) | |
| TemporalSpline4 | -1.400*** | -1.629*** | -1.039*** | -1.058*** |
| (0.313) | (0.317) | (0.234) | (0.235) | |
| Constant | -1.339*** | -7.995*** | -8.528*** | -8.740*** |
| (0.206) | (0.467) | (0.365) | (0.370) | |
| Observations | 49,287 | 48,992 | 408,476 | 408,476 |
| Log Likelihood | -2,353.258 | -2,107.861 | -3,073.154 | -3,025.299 |
| Akaike Inf. Crit. | 4,722.515 | 4,241.723 | 6,172.308 | 6,078.598 |
| Note: | *p<0.1; **p<0.05; ***p<0.01 | |||
Table 1: Logistic regression coefficients for models 1-4.
As logistic regression coefficients are not intuitively meaningful, table 2 shows how a change in one variable impacts the likelihood of cyber attacks in a dyad. It is based on model 4 and compares individual variable changes to a baseline probability of cyberattacks. For this purpose, a baseline dyad is defined as follows: Democracy(LOW), Democracy(DIST), EconomicFreedom(LOW), log_GDPpc(LOW), and log_MilEx(DIST) are set to their median values. SharedRegion, MajorPower, Alliance, and KineticConflict are set to 0.
| Scenario | Probabilities | Percentage Change |
| Baseline: Variables at median/mean, dummies = 0 | 0.0002 | 0% |
| Increasing lower democracy score to 90th percentile | 0.0000 | -92% |
| Increasing regime type distance to 90th percentile | 0.0002 | -20% |
| Increasing lower economic freedom score to 90th percentile | 0.0002 | -22% |
| Doubling the lower GDP per capita score | 0.0003 | 48% |
| Doubling the difference in military expenditure | 0.0002 | 13% |
| The states share a geographic region | 0.0008 | 295% |
| At least one state is a major power | 0.0021 | 928% |
| The states share an alliance | 0.0002 | 8% |
| The states are engaged in a physical conflict | 0.0295 | 14701% |
Table 2: Percentage Changes based on Model 4.
Across all models, the coefficient for Democracy(LOW) is significant at the 1% level and negative. Hypothesis 1 predicted that more democratic dyads would be less likely to experience cyber attacks. The models supports this and table 2 shows that this effect is substantively meaningful. Raising Democracy(LOW) from its median value to the 90th percentile reduces the risk for cyberattacks in a dyad-year by 92%. Given this and the coefficient’s p-value, we can reject the null hypothesis at the 99% confidence level.
Hypothesis 2 predicted the same effect for EconomicFreedom(LOW). However, for relevant dyads (models 1 and 2), the coefficient fails to reach the 95% significance level. However, the coefficients are significant when tested on the entire dataset. Substantively, model 4 calculates a 22% reduction in risk when increasing the lower economic freedom score from its median value to the 90th percentile. This gives support to hypothesis 2, though given its lack of significance for relevant dyads, I am hesitant to draw a strong conclusion in either direction.
Democracy(DIST), measuring how different the two regimes in a dyad are, is also not fully robust. It fails to be significant in model 2 but gains significance when all dyads are included in the data (models 3 and 4). In terms of the impact size, table 2 shows that an increase in regime type difference from its median value to the 90th percentile, leads to a 20% decrease in cyber attack risk. This means that highly asymmetric dyads actually fight less in cyberspace. This is contrary to intuition but might be explained by Hunter et al. (2022), who find that autocracies initiate more cyberattacks. This means dyads containing two autocracies may experience cyberattacks more frequently than if one of the states is a generally more peaceful democracy. However, more research is needed to confirm the robustness and possible explanations of this finding. This observation could also be an artifact of incomplete data or the fact that engaging in state-sponsored cyberattacks is still relatively uncommon in the wider international system.
GDP per capita and differences in military expenditure are significant and positive. This means that higher values in these variables increase the risk of cyber attacks. The effect sizes are also meaningful, with a 48% and 13% change in risk respectively, when doubling the value.
As with traditional conflicts, dyads that share geographic proximity and dyads that include a major power are significant and positive. These factors are known to increase the risk of kinetic disputes and this observation holds true for cyberspace as well. Note that the predicted effects are enormous with 295% and 928% respectively. The same can be said for the presence of a kinetic conflict in a dyad. This massively increases the risk of cyber attacks occurring by 14701%. Be aware that such enormous effect sizes must be viewed with a large amount of caution as they are often driven by inaccuracies in the sample. For example, kinetic conflicts are exceedingly rare in the data with only 40 positive observations. This is too few to place any weight on the calculated effect size. Nonetheless, it appears that all three dummies increase the likelihood of cyber attacks in a dyad. The presence of an alliance does not appear to have an impact. The variable is insignificant for all models.
Scholars of international relations have found much evidence that democracy and capitalism have pacifying effects on states. Two states that are both very democratic or economically liberal, are unlikely to fight. I attempted to bridge the gap between this research and the emerging research on interstate cyber attacks. By relying heavily on proven model designs, I was able to show that democracy and, to a less-robust degree, economic freedom, have a pacifying effect on state dyads in cyberspace. Other variables such as GDP per capita, differences in military spending, the presence of a major power, the presence of a kinetic conflict, and geographic proximity were shown to increase the risk of cyber attacks. With this brief research project, I attempted to replicate and improve my master’s thesis (Geiger, 2021) now that a few more years of data about cyber attacks are available. Overall, the findings are similar but more data has led to more reliable results. Despite this, the data is still far from perfect. It is probable that the vast majority of cyberattacks go unreported and even for those that are, attribution is often lacking. Also, a few states are driving a disproportionate proportion of the reported attacks. Nearly all countries have offensive military capabilities but not all have offensive cyber capabilities or the willingness to use them. These and other problems with the data are important to keep in mind when looking at the regression results and the substantive effects listed in table 2.
In the research about state-sponsored cyber attacks, there is still a significant amount of low-hanging fruit. While I am merely a hobby researcher and this article is not a peer reviewed piece of scientific literature, I hope to inspire more research on the topic. I myself might conduct further analyses on directed dyads or by exploring monadic cyber attack figures. While we will never have perfect data on cyber attacks, there is plenty of fascinating research left to be done.
Replication data and code available from: https://github.com/johnny80y/Cyberattacks-and-the-Democtratic-Peace