I’ve been in Australia this week visiting customers, speaking at conferences, and meeting with peers and colleagues in the security space. With Australia poised to take the G20 leader’s chair in just over two weeks (December 1, to be specific), my visit here could not have been better timed.
On this tour, I have been appearing with Melissa Hathaway, president of Hathaway Global Strategies, LLC and former White House cyber security chief, as she launches a new study entitled “The Cyber Readiness Index 1.0.” The study looks at the top 35 countries that have embraced Information and Communications Technology (ICT) and the Internet, and then evaluates each country’s maturity and commitment to cyber security across five essential elements that include: national strategy, incident response, e-crime law enforcement, information sharing, and investment in R&D. The study calculates a Cyber Readiness Index (CRI) based on these performance factors.
Key findings from the study include:
- ICT can contribute at least 4 percent GDP growth to G20 countries. Some countries (Australia, Canada, The Netherlands, UK and US) lead the CRI with action in all categories, but cyber insecurity can make significant subtractions to ICT’s GDP contribution.
- 27 of 35 countries have a cyber security strategy , yet few measure progress and even fewer invest in the strategy’s successful outcome.
- 20 of 35 countries are committed by treaty to combat cybercrime by adopting appropriate legislation, fostering international co-operation, and facilitating cybercrime detection, investigation and prosecution at both the domestic and international levels.
- Few countries are investing in private-public information sharing exchanges and even fewer have aligned national R&D initiatives.
As we’ve been sharing the research in conversations with government and customers this week, the CRI concept has sparked a new way of discussing cyber security. First, any economic metric that can be expressed as percentage of GDP is a serious number. That cyber crime losses now enter into GDP calculations means that cyber crime and mayhem have “graduated” from an annoyance to a serious threat to social and economic wellbeing.
Second, significant social and economic problems require equally significant response by societies, governments, and economic institutions. In particular, I believe cyber security needs to move beyond the current state of individualized every-government-company-and-computer-end-user-for-themselves measures to a posture that takes a networked approach—in both technology and socio-economic senses of the word—to identifying and defeating cyber threats.
Time is always of the essence. I hope you’ll take the time to read the full Cyber Readiness Index, and take action to strengthen cyber security readiness at whatever level you have influence—personal, business, or public sector. Then, when Australia hosts the G20 Summit in Brisbane in November 2014, the dialogue and information sharing can be that much richer from all our efforts to invest in and protect the future of our global Internet economy.