October is cybersecurity month, a time to raise awareness, of an issue of growing concern. In an increasingly complex and interconnected world, societies face the challenge of strengthening resilience and digital trust by improving cybersecurity.
The ITU Global Cybersecurity Index published yearly, assesses global progress in delivering a secure digital future. This report is a reference that measures the commitment of countries to cybersecurity at a global level, assessed along five pillars – (i) Legal Measures, (ii) Technical Measures, (iii) Organizational Measures, (iv) Capacity Development, and (v) Cooperation – and then aggregated into an overall score.
Countries are strengthening cybersecurity efforts, but increased action is still required
Threats highlighted in the report include ransomware attacks targeting government services and other sectors, cyber breaches affecting core industries, costly system outages, and breaches of privacy for individuals and organizations.
In today’s increasingly complex digital landscape, it is vital that we focus our efforts to ensure that we can safely and securely manage cyber threats.
Building trust in the digital world is paramount
Overall, countries are working to improve their cybersecurity commitments, with almost every region having high and low performing countries.
- Legal measures tend to be countries’ strongest area of cybersecurity and Privacy laws and regulations are increasing. More than 90% of the countries measured have at least one regulation on either personal data protection, privacy protection, or breach notification in force or in progress.
- The data shows a wide variation in the implementation of technical measures to support cybersecurity efforts at the national level. Computer Incident Response Teams (CIRTs) play a key role in the cybersecurity ecosystem. And on a positive note, there has been an increase of more than 30% since 2021 (up to 139 countries with some active CIRT).
- Greater coordination and alignment are necessary on cybersecurity efforts, even though more countries have a national cybersecurity strategy (also an increase of 30% since 2021). On child protection, implementation of strategies and initiatives remains limited. While 164 countries have legal measures in place for child online protection only 94 countries reported associated strategies and initiatives, indicating a gap in implementation.
- Cybersecurity training and awareness efforts vary across regions against the backdrop of efforts to develop a strong industry. Many countries still lack cybersecurity skill development programmes across educational levels.
- Operationalization of agreements and frameworks remains a challenge. Many countries cooperate on cybersecurity through existing treaties: 92% of countries (166) reported being part of an international treaty or comparable cooperation mechanism for cybersecurity capacity development, or information sharing, or both.
Protection of critical infrastructures
While 54% of countries worldwide have an agency, ministry or other entity responsible for critical infrastructure cybersecurity, only 49% of countries worldwide have such a critical infrastructure framework in place or are in the process of implementing cybersecurity standards.
Protecting the cybersecurity of critical infrastructures and their supply chains is crucial. The International Chamber of Commerce (ICC) cybersecurity policy brief, produced in collaboration with Telefónica and other partners, explores the complexities of protecting these systems and provides a taxonomy and strategic recommendations to address the challenges. Supply chain security is particularly important.
Cybersecurity is a shared responsibility between the private and public sectors, and both must work together to mitigate risks and curb cyber threats. The ICC report offers concrete recommendations for companies and policymakers in domestic and international contexts alike, as well as suggestions for building effective public-private partnerships.
Policies to improve cyber-resilience and counter cybercrime
The ITU report makes 11 key recommendations, ranging from strengthening critical infrastructure to providing cybersecurity education, including the implementation of legal measures applicable to all sectors; developing and regularly updating a comprehensive national cybersecurity strategy and a practical, concrete action plan; improving incident response capabilities; providing capacity building and training to strengthen cybersecurity skills; and promoting national and international cooperation and collaboration on information sharing, training and capacity development.
Building cyber resilience and increasing digital trust for inclusive digitalisation, requires better cooperation, appropriate frameworks improving harmonization and coherence, capacity building and incentives (including financing or fiscal incentives). Upholding the multistakeholder approach in the governance against cybercrime and implementing rules for responsible state behaviour are essential to reduce cyberattacks, and thus increase security.
The UN Ad Hoc Committee on Cybercrime (AHC) concluded its mandate with the adoption of the first UN instrument on cybercrime in August 2024, after Russia and China, among others, proposed a UN resolution in 2019 to work on this international convention. While this is a milestone, non-governmental stakeholders across civil society and business warn against the potential adverse effects of the Convention on data privacy, human rights, and cybersecurity. Following the adoption of the Convention, the International Chamber of Commerce (ICC) released a public statement expressing concerns and cautioning states to carefully evaluate the risks before proceeding with ratification.
The Budapest Convention on Cybercrime, facilitated by the Council of Europe, and signed in 2001, has promoted cooperation and a common criminal policy. With 76 parties and 17 additional countries having signed or been invited to sign, it will continue to be a (the) fundamental instrument for cooperation against cybercrime, where rights are guaranteed through the implementation of the Convention’s provisions into domestic law.
