Countries ramp up cybersecurity strategies: ITU Report

​​​​The latest Global Cybersecurity Index (GCI) from the International Telecommunication Union (ITU) shows a growing commitment around the world to tackle and reduce cybersecurity threats.

Countries are working to improve their cyber safety despite the challenges of COVID-19 and the rapid shift of everyday activities and socio-economic services into the digital sphere, the newly released 2020 index confirms.

According to GCI 2020, around half of countries globally say they have formed a national computer incident response team (CIRT), indicating an 11 per cent increase since 2018. Rapid uptake of information and communication technologies (ICTs) during the COVID-19 pandemic has put cybersecurity at the forefront.

“In these challenging times, the unprecedented reliance on ICTs to drive society, economy and industry, makes it more important than ever before to secure cyberspace and build confidence among users,” affirmed ITU Secretary General Houlin Zhao. “Governments and industry need to work together to make ICTs consistently safe and trustworthy for all. The Global Cybersecurity Index is a key element, offering a snapshot of the opportunities and gaps that can be addressed to strengthen every country’s digital ecosystem.”

Some 64 per cent of countries had adopted a national cybersecurity strategy (NCS) by year-end, while more than 70 per cent conducted cybersecurity awareness campaigns in 2020, compared to 58 per cent and 66 per cent, respectively, in 2018.

Yet despite notable improvements, gaps in cyber capacity persist.

Addressing the cyber gap

Many countries and regions lag in key areas. These include:

​Cybersecurity skills training, which must be tailored to the needs of citizens, micro-, small-, and medium-sized enterprises (MSMEs);
Finance, healthcare, energy, and other key sectors, which require dedicated measures to close cybersecurity gaps;

Critical infrastructure protection, which requires enhancement to meet new and evolving cyber threats;

Individual data protection, which requires continual reinforcement as online activity expands.

Growing reliance on digital solutions necessitates ever stronger, yet also accessible and user-friendly, data protection measures.

GCI 2020, the index’s fourth iteration, measures the cybersecurity commitments of 193 ITU Member States and the State of Palestine. It aims to identify gaps, serve as a roadmap to guide national strategies, inform legal frameworks, build capacity, highlight good practices, strengthen international standards, and foster a culture of cybersecurity.

Amid interconnected commerce and communication, cybersecurity risks are increasingly borderless, with no single entity or stakeholder able to guarantee the security of the global cyber ecosystem.

Countries with high cyber capabilities may therefore need to support others, such as Least Developed Countries (LDCs), Small Island Developing States (SIDS), and Landlocked Developing Countries (LLDCs).

“This snapshot of the world’s commitment to cybersecurity is just a starting point for further discussions, interventions, and strides towards achieving global, regional and national cyber safety,” noted Doreen Bogdan-Martin, Director of the ITU’s Telecommunication Development Bureau. “I invite all ITU Member States to continue updating us on their progress on cybersecurity-related commitments, so that we can effectively share experiences, research, and solutions to create a trusted cyberspace for all.”

Measuring the evolving cybersecurity landscape

About one billion people worldwide became Internet users for the first time between 2015 (when the first GCI was released) and 2019, according to ITU data. With global losses due to cybercrime expected to reach USD 6 trillion this year, citizens count on governments to enhance cybersecurity norms and protect increasingly exposed personal and financial data.

ITU has produced four GCI editions to date, providing periodic global snapshots of a rapidly evolving industry. With each iteration, the methodology has been adapted to shed more light on countries’ cybersecurity commitments.

Each country’s level of development or engagement is assessed based on five pillars of the ITU Global Cybersecurity Agenda – legal measures, technical measures, organizational measures, capacity development, and cooperation.

GCI 2020 features data from more countries than any previous edition, with ITU receiving 150 updated questionnaire responses despite the constraints imposed by COVID-19. For the other 44 countries included, data was collected and validated through desk research.

Country commitment was assessed through online surveys for each pillar, which further facilitated the collection of supporting evidence. Survey questions were weighted in consultation with expert groups to reach composite index scores. ITU also undertook independent verification to ensure accurate and reliable results.