In 2017, a ransomware spread across multiple countries, causing an estimated $10 billion in damage to businesses worldwide. More recently, in Costa Rica, a major incident in 2022 forced the government to declare a national state of emergency and resulted in losses up to 2.4% of GDP.

Digital technologies are reshaping economies and public services, but they also introduce new and persistent risks. Cyber incidents can disrupt essential services, undermine trust in public institutions, and erase development gains built over years.

Cybersecurity, therefore, is no longer a narrow technical concern. It is a foundational element of economic growth, national security, and inclusive digital development.

Supporting countries where it matters most

At the World Bank Group, we recognize that digital transformation can only fulfill its promise if the systems that underpin it are resilient and trusted. This principle guides our work with clients worldwide. 

Between 2014 and 2023, the World Bank Group supported reforms and investments by the government of Ghana that helped position the country as a regional leader in cybersecurity. These efforts included adopting a national cybersecurity plan, the establishment of its National Cybersecurity Authority, and strengthening the country’s computer security incident response team. Today, Ghana ranks first in Western and Central Africa and third on the African continent overall in global cybersecurity index tracking. 

In the Philippines, as part of a broader effort to expand connectivity, the World Bank Group is supporting an ambitious US$40 million program to enhance the resilience of the national broadband and telecommunications infrastructure. The program focuses on detecting events early, responding faster, and managing risks to critical infrastructure in the broadband sector.

Across many other countries, the World Bank Group is active in promoting a “cybersecurity by design” approach, integrating safeguards into broader digital transformation initiatives from the start. This approach is also central to the work of the Cybersecurity Multi-Donor Trust Fund, which helps governments think strategically and develop evidence-based policies, backed by data.

From isolated security measures to national strategy

One of the lessons we have learned over the past two decades is that cybersecurity efforts are most effective when they are strategic, coordinated, and sustained over time.

Many countries initially approached cybersecurity through isolated technical controls or ad hoc legal measures. While these steps remain necessary, they are no longer sufficient for today’s highly connected digital world. 

A national cybersecurity strategy helps governments move from reactive responses to proactive planning. It sets a shared vision, clarifies roles and responsibilities, prioritizes investments, and aligns cybersecurity with national priorities, from public services and critical infrastructure to growth and inclusion.

This shift is reflected by the growing number of countries adopting national cybersecurity strategies. According to the ITU Global Cybersecurity Index, the number rose from 76 countries in 2018, to 127 in 2021, and 136 in 2024. This trend highlights not only the rising importance of cybersecurity for national leaders, but also the growing need for practical frameworks to guide long-term decisions in a rapidly evolving risk environment. 

A Guide shaped by global experience

That is why the release of the latest edition of the Guide to Developing a National Cybersecurity Strategy (the “Guide”) could not be timelier.

Since its first edition in 2018, the Guide has become a widely referenced resource for national leaders and policymakers responsible for drafting, implementing, and updating cybersecurity strategies. Countries at very different stages of digital and cyber maturity have used it to structure discussions, engage stakeholders, and turn policy goals into actionable plans.

The third edition builds on this foundation, with greater emphasis on managing risk, securing critical services; building sustainable funding and skills; and on aligning cybersecurity with national development priorities. It recognizes that cybersecurity strategies must evolve as technologies, threats, and institutions change. 

Importantly, this Guide distills real-world lessons from countries already on their second and third strategy cycles, helping others move from policy design to effective implementation.

The Guide also reflects the power of collaboration. It is the result of a truly inclusive multistakeholder effort, with contributions from 37 organizations covering international and multilateral institutions, governments, the private sector, academia, and civil society.

From principles to implementation 

Digital transformation will only accelerate. So will cyber risks. 

Building secure, resilient, and inclusive digital futures is one of the defining development challenges of our time. A strategy sets the direction, but leadership, sustained funding, and implementation will determine whether it delivers real results. 

The World Bank Group will continue to treat cyber resilience as a strategic enabler of sustainable development, supporting countries as they turn cybersecurity strategies into lasting impact.