Why do states overreact to some cybersecurity problems while persistently underestimating others? Scholars and policymakers often make the case that cybersecurity policies fall short of generating their intended effects because states either underplay or exaggerate cybersecurity threats. For example, some critics contend that the United States was vulnerable to Russian interference during the 2016 U.S. presidential elections because U.S. agencies downplayed the threat posed by cyber-enabled foreign influence operations (as opposed to a “cyber Pearl Harbor”) for years. I argue that solving this puzzle requires us to understand the narratives surrounding cybersecurity events. To establish this case, my dissertation adopts a multi-method design to investigate how policy actors make sense of cybersecurity. It demonstrates that actors construct and use strategic narratives---purposeful, strategic representations of a sequence of events---to define cybersecurity as a national security policy problem. This definition, in turn, underpins policy choices in national and international arenas. The narratives policymakers embrace wield substantial influence over the policies they adopt. My dissertation develops this argument in three essays. The first one analyzes under which conditions competing narratives projected by foreigners affect U.S. public opinion. Results from three survey experiments demonstrate that when official U.S. attribution claims receive endorsements from allies, respondents’ confidence in the attribution and support for non-military responses strongly increase. Disavowals from adversaries, on the other hand, decrease support for escalation. The second essay investigates why the United States has underestimated cyber-enabled foreign information operations until the Russian interference in the 2016 U.S. presidential election. It uses computer-assisted text analysis to examine a novel dataset of cyber-related U.S. congressional hearings from 2001 to 2020. The analysis demonstrates that narratives about cybersecurity focused on critical infrastructure and neglected information operations. Narratives about information operations, on the other hand, focused on cyberterrorism and neglected state-sponsored influence campaigns. Foreign state information manipulation only took the forefront of the U.S. political agenda after a focusing event disturbed the status quo of the latter narrative. The third essay explores the diffusion of U.S. narratives against Chinese technology companies in the European Union. Employing content analysis in a series of speeches and statements of U.S., Chinese, and European representatives, this study shows that the U.S. narrative has successfully put 5G network security into the European Union agenda. However, the EU response did not converge toward the U.S. narrative. Instead, the European Commission linked discussions on 5G network security with EU narratives on strategic autonomy and digital sovereignty.