But more effort is needed, says UN body

Governments around the world are steadily improving their cybersecurity efforts, according to the International Telecommunications Union (ITU).

While only half of countries around the globe had a cybersecurity strategy in 2017, this has now risen to 58%, according to a draft version of the UN body’s 2018 Global Cybersecurity Index (GCI).

The ITU gives the UK the top spot for commitment to cybersecurity, based on five ‘pillars’: legal, technical, organizational, capacity building, and cooperation.

As the report points out, collaboration with the Europol European Cybercrime Centre and the Joint Cybercrime Action Taskforce during 2018 enabled the UK to shut down a website linked to millions of distributed denial-of-service (DDoS) attacks against major British banks.

While the US places second, European countries have risen up in the rankings.

“The results for the current year are generally in line with prior years, with the European region showing an overall increased commitment to the Global Cybersecurity Agenda,” says William Malik, vice president of Infrastructure Strategies at Trend Micro.

“Europe’s improvements derive from the adoption of the GDPR, the initiative to set up a certification framework for ICT products, and the Network and Information Security Directive.”

Around the world as a whole, 91% of countries now have some sort of cybercrime legislation, up from 79% in 2017.

However, African countries generally lag behind with only Mauritius, Kenya, Rwanda, and South Africa appearing in the top 60.

In terms of technical defense measures there’s great variation, too. Here, Norway and Malaysia lead the field, based on their technical institutions and cybersecurity framework, followed by Estonia, France, and the UK.

“There is still a visible gap between many countries in terms of knowledge for the implementation of cybercrime legislation, national cybersecurity strategies (NCS), computer emergency response teams (CERTs), awareness, and capacity to spread out the strategies, capabilities and programmes in the field of cybersecurity,” the report notes.

The aim of the index is to help improve organizational structures, common standards, and information sharing mechanisms – but Malik points out that this doesn’t necessarily translate into actual cybersecurity performance.

“To be more specific, member governments have a long way to go to effectively secure their IT and OT (Operational Technology) environments. The GCA (Global Cybersecurity Agenda) benchmark refers to policy and organization, not effective detection, response, and remediation,” he says.

“Today the GCI is a primitive spelling test where people get points for penmanship. Eventually countries must master spelling and move on to grammar.”

Global ranking GCI 2018: Top ten

State Score

UK 0.931

USA 0.926

France 0.918

Lithuania 0.908

Estonia 0.905

Singapore 0.898

Spain 0.896

Malaysia 0.893

Canada 0.892

Norway 0.892

Global ranking GCI 2018: Bottom ten

Maldives 0.004

DRC 0.008

Comoros 0.015

Yemen 0.019

Dominica 0.019

DPR Korea 0.020

Eritrea 0.020

Vatican 0.021

Kiribati 0.028

Equatorial Guinea 0.031