This article seeks to study the policy conditions for the successful application of deterrence theory in cyberspace. While the tenets of classical deterrence theory are difficult to apply to cyberspace, understanding the applicability of these concepts in the cyber context is crucial as cyberspace continues to transform into a prominent domain of conflict. Classical deterrence has always been closely associated with a Cold War-era nuclear context, and its translation to cyberspace will require a broader approach to account for changes in the nature of the domain. The success of Estonia’s multi-faceted deterrence efforts after experiencing a large-scale cyber-attack in 2007 shows the effectiveness of such a conception of deterrence to the realm of cyberspace, through the implementation of international and domestic level policies. I analyze how Estonia has managed to implement this deterrence framework by punishment, denial, multilateral cooperation and promotion of international norms, and an increase in societal strength and resilience among its population.