How are governments staying safe? ITU releases its third Global Cybersecurity Index

More than half the world is now online for the first time ever. This is a significant step towards a more inclusive digital economy. But as information and communication technologies (ICTs) become stitched into the fabric of our daily work and lives, the exponential increase in personal, business and government data flowing across the internet and between devices is exposing us to an ever-widening range of cyber threats.

So how are governments keeping themselves and their citizens safe from cyber threats?

The ITU Global Cybersecurity Index (GCI)  sheds light on the range of government responses and helps countries learn how they can increase their commitment to cybersecurity.

Data shows considerable improvements in cybersecurity worldwide. More countries have national cybersecurity strategies, national plans, response teams, and specific legislation to counter the threats.

Unfortunately, there remains a significant gap between different regions. In addition, there is a visible gap between many countries in terms of knowledge for the implementation of cybercrime legislation, national cybersecurity strategies (NCS), computer emergency response teams (CERTs), awareness and capacity to spread out the strategies, and capabilities and programmes in the field of cybersecurity.

The Top 10

The United Kingdom tops the list of countries most committed to cybersecurity, according to the GCI, followed by the United States, France, Lithuania and Estonia, Singapore, Spain, Malaysia, Norway and Canada round out the Top 10, in that order.

How the Index works

The GCI brings together 25 indicators built on the five pillars of the ITU Global Cybersecurity Agenda: legislative measures, technical mechanisms, organizational structures, capacity-building activities and cooperative arrangements. The GCI represents a composite index that reflects high levels of diversity and complexity of cybersecurity.

In addition to the GCI score, the report also provides information on national practices that give insights to the progress achieved.

“Since the GCI data collection is multidimensional, there is no one-size-fits-all tailored solution to address cybersecurity.”

To produce the GCI, data collected through an online survey is used to reflect Member States’ commitment to each pillar. The questions of the survey are weighted by a group of experts.

Creating a global cybersecurity culture

This initiative is encouraging countries to strengthen their cybersecurity commitment, to raise awareness around the issue and to enable more collaboration at national, regional and international levels.

It is in this spirit that the GCI is contributing to achieve a global cybersecurity culture. First launched in 2014, the GCI is now in its third iteration.

Moreover, the GCI is an integral part of the membership-driven approach in guiding ITU’s cybersecurity-related work. The overall GCI process, from the data collection to the analysis and the elaboration of the report has been validated by relevant ITU Study Groups, in order to ensure alignment with the ITU’s mandate.

In this iteration, most countries have improved their rates.  The majority of changes can be observed in the Europe region, whereas the Africa and the Americas regions showed little changes. However, globally, the level of awareness and commitment worldwide has visibly improved.

Advancing national cybersecurity strategies

Since the GCI data collection is multidimensional, there is no one-size-fits-all tailored solution to address cybersecurity.

In the long term, cooperation will play a vital role in cybersecurity development. Cybersecurity knowledge should be shared and transferred among various organizations and relevant stakeholders such as central governments, local public authorities, the private sector, academia, civil society, and international organizations.

Overall, the GCI is contributing to the cybersecurity awareness in the world’s least-developed countries, providing indications on capacity-building activities that might be undertaken at the national level.

ITU is addressing the need and importance for countries to establish national computer incident response teams (CIRTs) as well as national cybersecurity strategies by providing them with fundamental tools to establish it.

All these measures and crucial elements serve as a basis to render cyberspace more secure, hence improving socio-economic stability and opportunities for a real, concrete digital transformation.