Singapore has topped the International Telecommunication Union’s Global Cybersecurity Index (GCI) 2017, followed by United States and Malaysia.
Other countries in the Top 10 include Oman, Estonia, Mauritius, Australia, Georgia, France, and Canada.
The GCI is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness. The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) and its five pillars (legal, technical, organizational, capacity building and cooperation).
One-hundred and thirty-four Member States responded to the survey throughout 2016.
The overall picture shows improvement and strengthening of all five elements of the cybersecurity agenda in various countries in all regions. However, there is space for further improvement in cooperation at all levels, capacity building and organizational measures. As well, the gap in the level of cybersecurity engagement between different regions is still present and visible.
The level of development of the different pillars varies from country to country in the regions, and while commitment in Europe remains very high in the legal and technical fields in particular, the challenging situation in the Africa and Americas regions shows the need for continued engagement and support.
One of the strongest commitments is to outline a cybersecurity strategy describing how the country will prepare and respond to attacks against its digital networks, according to the GCI.
Only 38% countries have a published cybersecurity strategy and only 11% have a dedicated standalone strategy; another 12% have a cybersecurity strategy under development. More effort is needed in this critical area, particularly since it conveys that the government considers digital risks high priority.
In the area of training, efforts need to be enhanced particularly for those who are most likely going to legally handle cybersecurity crimes given that less than half the Member States (43%) have capacity-building programmes for law enforcement and the judicial system.
Despite half of the Member States not having a cybersecurity strategy, 61% do have an emergency response team (i.e., CIRT, CSRIT, and CERT) with national responsibility. However, just over a h (21%) publish metrics on cybersecurity incidents (Figure 5.1.2, right). This makes it difficult in most countries to objectively assess incidents based on the evidence and determine if protection measures are working.
Just less than a third of countries (32%) replied affirmatively to the existence of a homegrown cybersecurity industry. More efforts need to be devoted to this area as a local industry will have knowledge of national circumstances and make the security ecosystem more sustainable.
The potential for global cooperation is heightened by participation in international cybersecurity events. This is almost universal with 95% of countries replying affirmatively.