• Increased internet use during the pandemic has increased our vulnerability to cybercrime.
• Most governments' cybersecurity strategies overlook the importance of continued education.
• The most successful countries have long-term cybersecurity action plans and dedicated institutions.
For decades, governments have increased their cybersecurity budgets for national defence, but not invested enough to teach citizens adequate cyber-skills despite our growing reliance on the internet. This stance has contributed to cyberattacks becoming one of the fastest growing crimes, costing an estimated $600 billion globally in 2017.
The situation has become even more pressing during the pandemic as our reliance on the internet has grown. Millions of people globally now depend on it for work, school, health, and basic services. Yet many do not understand the risks and lack the skills to keep themselves, their communities and their employers safe.
The cyber highway code
Governments need to improve cybersecurity by using the same strategies introduced to make driving safer. Just as governments mandate airbags and sensors in cars, they should require building more secure digital devices. Just as drivers and passengers are taught how to wear seatbelts and to follow the rules of the road, citizens should be taught how to safely navigate the internet highway.
Have you read?
A small group of nations are moving in the right direction and can show others how best to proceed, according to our Cyber Risk Literacy and Education Index, which ranks 50 geographies, including the European Union. Switzerland, Singapore, the United Kingdom, Australia and the Netherlands topped the list because of their strong government policies, education systems, widespread access to training and citizen support to reduce risk.
To date, most governments’ strategies to improve cybersecurity overlook the importance of continued cyber-risk education for its citizens across all ages and social demographics. Many countries publish policies and aspirational plans, but few include actual steps or consistent funding to complete the work. Only eight countries in our index had publicly available metrics to measure their progress regarding cyber-risk literacy and education goals.
Yet studies show that 95% of cybersecurity issues can be traced to human error. Teaching basic skills such as using strong passwords, identifying phishing scams and understanding how data is gathered and how a digital identity is tracked online can dramatically improve the cybersecurity and the safety of a nation’s citizens.
Top-ranked countries find ways to ensure that their commitment to cyber-risk literacy does not shift to potentially more popular issues even when a new administration is elected. They accomplish this by creating long-term strategies and practical action plans, such as keeping the public informed about the programmes and their progress.
Switzerland, which ranked first in the index, has made specific goals and transparency a priority. It has a comprehensive 80-page implementation document that lays out departmental responsibilities, and what national or provincial legislation is required. Specific milestones are set, and a timeline assigned to ensure accountability. The education efforts appear to be working: Data from Kaspersky and Microsoft showed that that Swiss citizens were among the least likely to fall afoul of malware or infection.
The more successful nations create an office that is responsible for ensuring that citizens receive the cyber-risk education they need, whether they are kindergarteners or retirees. Singapore, ranked second in the index, established the Cyber Security Agency of Singapore to keep its cyberspace safe and secure. The nation is educating citizens in large part because internet use is high, and its global financial centre is at risk of attack. Its cyber-wellness courses occur over multiple grades, and focus on social and practical safety tips such as understanding cyber-bullying.
Education for the digitally vulnerable
Providing content tailored to at-risk populations such as the elderly, immigrants and low-income groups also should be a priority. Cyber-risk education is often left to the private sector, which can overlook underserved populations like seniors, who tend to be the least digitally savvy demographic. Many are using the internet more frequently, especially during coronavirus, putting them at greater risk of cyber-fraud. American internet users over the age of 60 lost $650 million through online scams in 2018, according to a report from the Aspen Institute.
By contrast, fourth-ranked Australia has been able to educate hundreds of thousands of teachers, students, parents and community groups through its eSafety Commission, which is devoted to tackling online safety for its citizens. The commission’s initiative weaves together communications, collaboration and action across law enforcement, welfare agencies, and mental health groups. As of August 2019, more than 11,000 teachers and 475,000 students, parents and community groups had participated in eSafety programs.
Governments also need to improve the quality of cyber-risk education by better training teachers and ensuring that educational materials are accessible and current. Estonia, ranked seventh in the index, prioritized digital education in response to extensive 2007 cyberattacks, which crippled banks, government agencies and media outlets for weeks. This Baltic country now has one of the world’s most advanced digital societies. Free wireless internet is available almost everywhere, and the nation uses quantitative metrics to track progress against practical goals. The country started to digitize all its educational materials in 2015, enabling 87% of Estonian schools to use online learning even before coronavirus.
A cyber-investment for the future
Too often governments focus on the cost of cyber-risk education rather than on the positive impact it could have on the economy. Yet eighth-ranked Israel shows how a well-educated population and connected institutions can contribute significantly to the national economy by providing more jobs and greater innovation. The country prioritizes cybersecurity education earlier than most countries and assesses the cyber-risk literacy of children and youth at key points in their development and education. This investment in human resources has led to a wealth of cyber-related innovation and economic growth.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.
Our community has three key priorities:
Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.
Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.
Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.
Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.
The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.
For more information, please contact us.
As we utilize more sophisticated digital and data-rich technologies, we need to protect our institutions, our communities, and ourselves from cybercrime. Companies should build more secure devices, infrastructure and data-processing capabilities. In turn, governments need to do their part by ensuring that all citizens get the education they need to remain safe online.