• Increased internet use during the pandemic has increased our vulnerability to cybercrime.
• Most governments' cybersecurity strategies overlook the importance of continued education.
• The most successful countries have long-term cybersecurity action plans and dedicated institutions.
For decades, governments have increased their cybersecurity budgets for national defence, but not invested enough to teach citizens adequate cyber-skills despite our growing reliance on the internet. This stance has contributed to cyberattacks becoming one of the fastest growing crimes, costing an estimated $600 billion globally in 2017.
The situation has become even more pressing during the pandemic as our reliance on the internet has grown. Millions of people globally now depend on it for work, school, health, and basic services. Yet many do not understand the risks and lack the skills to keep themselves, their communities and their employers safe.
The cyber highway code
Governments need to improve cybersecurity by using the same strategies introduced to make driving safer. Just as governments mandate airbags and sensors in cars, they should require building more secure digital devices. Just as drivers and passengers are taught how to wear seatbelts and to follow the rules of the road, citizens should be taught how to safely navigate the internet highway.
Have you read?
A small group of nations are moving in the right direction and can show others how best to proceed, according to our Cyber Risk Literacy and Education Index, which ranks 50 geographies, including the European Union. Switzerland, Singapore, the United Kingdom, Australia and the Netherlands topped the list because of their strong government policies, education systems, widespread access to training and citizen support to reduce risk.
To date, most governments’ strategies to improve cybersecurity overlook the importance of continued cyber-risk education for its citizens across all ages and social demographics. Many countries publish policies and aspirational plans, but few include actual steps or consistent funding to complete the work. Only eight countries in our index had publicly available metrics to measure their progress regarding cyber-risk literacy and education goals.
Yet studies show that 95% of cybersecurity issues can be traced to human error. Teaching basic skills such as using strong passwords, identifying phishing scams and understanding how data is gathered and how a digital identity is tracked online can dramatically improve the cybersecurity and the safety of a nation’s citizens.
Top-ranked countries find ways to ensure that their commitment to cyber-risk literacy does not shift to potentially more popular issues even when a new administration is elected. They accomplish this by creating long-term strategies and practical action plans, such as keeping the public informed about the programmes and their progress.
Switzerland, which ranked first in the index, has made specific goals and transparency a priority. It has a comprehensive 80-page implementation document that lays out departmental responsibilities, and what national or provincial legislation is required. Specific milestones are set, and a timeline assigned to ensure accountability. The education efforts appear to be working: Data from Kaspersky and Microsoft showed that that Swiss citizens were among the least likely to fall afoul of malware or infection.
The more successful nations create an office that is responsible for ensuring that citizens receive the cyber-risk education they need, whether they are kindergarteners or retirees. Singapore, ranked second in the index, established the Cyber Security Agency of Singapore to keep its cyberspace safe and secure. The nation is educating citizens in large part because internet use is high, and its global financial centre is at risk of attack. Its cyber-wellness courses occur over multiple grades, and focus on social and practical safety tips such as understanding cyber-bullying.
Education for the digitally vulnerable
Providing content tailored to at-risk populations such as the elderly, immigrants and low-income groups also should be a priority. Cyber-risk education is often left to the private sector, which can overlook underserved populations like seniors, who tend to be the least digitally savvy demographic. Many are using the internet more frequently, especially during coronavirus, putting them at greater risk of cyber-fraud. American internet users over the age of 60 lost $650 million through online scams in 2018, according to a report from the Aspen Institute.
By contrast, fourth-ranked Australia has been able to educate hundreds of thousands of teachers, students, parents and community groups through its eSafety Commission, which is devoted to tackling online safety for its citizens. The commission’s initiative weaves together communications, collaboration and action across law enforcement, welfare agencies, and mental health groups. As of August 2019, more than 11,000 teachers and 475,000 students, parents and community groups had participated in eSafety programs.
Governments also need to improve the quality of cyber-risk education by better training teachers and ensuring that educational materials are accessible and current. Estonia, ranked seventh in the index, prioritized digital education in response to extensive 2007 cyberattacks, which crippled banks, government agencies and media outlets for weeks. This Baltic country now has one of the world’s most advanced digital societies. Free wireless internet is available almost everywhere, and the nation uses quantitative metrics to track progress against practical goals. The country started to digitize all its educational materials in 2015, enabling 87% of Estonian schools to use online learning even before coronavirus.
A cyber-investment for the future
Too often governments focus on the cost of cyber-risk education rather than on the positive impact it could have on the economy. Yet eighth-ranked Israel shows how a well-educated population and connected institutions can contribute significantly to the national economy by providing more jobs and greater innovation. The country prioritizes cybersecurity education earlier than most countries and assesses the cyber-risk literacy of children and youth at key points in their development and education. This investment in human resources has led to a wealth of cyber-related innovation and economic growth.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
As we utilize more sophisticated digital and data-rich technologies, we need to protect our institutions, our communities, and ourselves from cybercrime. Companies should build more secure devices, infrastructure and data-processing capabilities. In turn, governments need to do their part by ensuring that all citizens get the education they need to remain safe online.