Image: Heat Map of National Cybersecurity Commitments from Green (highest) to Red (lowest)/ page 13 of report
Singapore was ranked at the top position globally in the International Telecommunication Union’s (ITU) Global Cybersecurity Index (GCI) for 2017. ITU is the United Nations specialised agency for information and communication technologies (ICTs).
The GCI is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness. It is based on the ITU Global Cybersecurity Agenda (GCA) and its five pillars: legal, technical, organisational, capacity building and cooperation. Questions were developed for each of these pillars to assess commitment. Through consultation with a group of experts, these questions were weighted in order to arrive at an overall GCI score. The survey was administered through an online platform through which supporting evidence was also collected.
One-hundred and thirty-four Member States responded to the survey throughout 2016. Member States who did not respond were invited to validate responses determined from open-source research. The final results cover all 193 ITU Member States.
The top 10 countries worldwide are Singapore, United States, Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada. Within the Asia-Pacific region, Japan, Republic of Korea, New Zealand, Thailand, India, China and the Philippines rounded out the top ten, in that order. Their global ranks were 11, 13, 19, 20, 23, 32 and 37 respectively.
Member States were classified into three categories by their GCI score: Initiating stage, which included 96 countries with GCI score less than the 50th percentile, that have started to make commitments in cybersecurity; Maturing stage refers to the 77 countries with GCI score between the 50th and 89th percentile, that have developed complex commitments, and engage in cybersecurity programmes and initiatives; and Leading stage refers to the 21 countries with GCI score in the 90th percentile, that demonstrate high commitment in all five pillars of the index.
The report notes that Singapore launched its first cybersecurity master plan back in 2005, the Infocomm Security Masterplan (2005-2007). The Cyber Security Agency of Singapore (CSA) was set up in 2015 to coordinate the country’s national efforts in cybersecurity. In October 2016, a new cybersecurity strategy was launched in Singapore.
There has been improvement in the overall picture of all five elements of the cybersecurity agenda in various countries in all regions during the past year. However, there is space for further improvement in cooperation at all levels, capacity building and organisational measures. Significant gaps persist in the level of cybersecurity engagement between different regions. The level of commitment is not necessarily correlated to the wealth of the country.
Only 38% countries have a published cybersecurity strategy, while a mere 11% have a dedicated standalone strategy. Around 12% have a cybersecurity strategy under development. 61% have an emergency response team with national responsibility. Only 21% publish metrics on cybersecurity incidents.
The report also highlights the need to devote more efforts to develop homegrown cybersecurity industry, as a local industry will have knowledge of national circumstances and make the security ecosystem more sustainable. 32% of countries replied affirmatively to this question.
95% of countries reported participation in international cybersecurity events, reflecting the potential for global cooperation in the cybersecurity arena.
The report says that cybersecurity is not just a concern of the government but also needs commitment from the private sector and consumers.
Read the report here.