If we are asked to identify the most advanced countries in the topic of cybersecurity, our minds go straight to industrialized countries. However, among the list of countries with the best cybersecurity, we can surprisingly find many developing countries too.
According to the International Monetary Fund (IMF), developing economies are those with a gross national income (GNI) per capita lower than $4,035. One may assume that countries with such a low income may not really care about technology, let alone cybersecurity. This assumption is wrong.
Although it is generally true that income is positively related to the information and communications technology (ICT) development index, and therefore lower-income countries are less developed in ICT, it is also true that the ICT development index (IDI) and the GCI are only weakly positively correlated. For instance, Iceland is the country with the highest IDI score, but it has a pretty low Global Cybersecurity Index (GCI) score; conversely, Tanzania is one of the countries with the lowest IDI scores, but it outranks Iceland in terms of the GCI score.
From the GCI 2018 rankings, we can find that almost half of the countries with a “high” level of commitment to cybersecurity are developing countries. In addition to that, 83.02% of the countries with a medium level of commitment are also developing countries. From these rankings we can see how the best developing country for cybersecurity (Malaysia) outranks four G7 countries. Also Saudi Arabia, the second-best developing country, has a higher cybersecurity ranking than half of the G7 countries.
The weakest G7 country in terms of cybersecurity appears to be Italy, at the 28th place, with nine developing countries outranking it.
But how can we measure how good a country’s cybersecurity level is?
GCI identifies five pillars: legal, technical, organizational, capacity building and cooperation. By looking at the score breakdown into these five pillars we can identify where the cybersecurity issues of each country lie. By looking, for example, at Malaysia and comparing it to the other top ten countries, we see how it gets a perfect score in the organizational field and also the highest score amongst the top ten countries in the technical and capacity building fields. Still, it looks like the country’s issues lie in the legal and cooperation fields, where it scores much lower than developed countries.
However, this is not the case for all developing countries. Kenya, the second-best African country for cybersecurity, outranks some top ten countries in the legal and cooperation area. Also Saudi Arabia and Oman score better than any of the top ten countries in the cooperation field, while Russia has a really high score in the legal department. Saudi Arabia is also the country with the highest capacity building score, making it one of the countries to watch in the next few years.
As we’ve seen, many developing countries are doing a great job in dealing with cybersecurity. Still, there are some challenges that they need to overcome, such as for instance having institutions that are able to keep up with the rapid growth of the cyberspace, having access to the resources they need, fostering education in this field and managing the cooperation between the public and the private sector.
The GCI will publish its 2021 report during the second semester of this year. Stay tuned to see whether developing countries have managed to overcome these challenges and climb the GCI rankings in the last three years!
Silvia Belloni
B.Cyber 
Leave a Reply