How to improve your organization's cyber hygiene score

Countries and organizations with low cyber hygiene must produce quantitative metrics to assess risk in an ongoing fashion.

Countries and organizations with low cyber hygiene must produce quantitative metrics to assess risk in an ongoing fashion. Image: Getty Images/iStockphoto

Aleksandr Yampolskiy
Co-Founder and Chief Executive Officer, SecurityScorecard
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: World Economic Forum Annual Meeting
  • A new cybersecurity report shows the global distribution of cyber preparedness and cyberattacks.
  • Countries and organizations with low cyber hygiene must produce quantitative metrics to assess risk in an ongoing fashion.
  • Greater cyber resilience is needed for global stakeholders to rebuild trust and foster global solidarity.

In today's interconnected world, trust is the currency that fuels our economies and sustains our societies. As global leaders, we must recognize that transparency is key to trust, especially when it comes to securing our data and critical infrastructure.

At last year’s Annual Meeting of the World Economic Forum, SecurityScorecard released a report highlighting the state of cybersecurity in critical infrastructure. At the time, nation-state attacks had doubled in just one year, high-profile supply chain attacks were rising, and the average data breach cost had reached nearly $4.5 million. Fast-forward a year later, and much of this is still valid.

Cybersecurity transcends borders, posing a global challenge. Our 2024 Global Cyber Index Report explores cybersecurity resilience across regulatory, supply chain, geopolitical and resource aspects. It evaluates regions worldwide for cyber risk and its relationship to GDP.

Have you read?

SecurityScorecard maintains and continuously updates cybersecurity ratings on over 12 million organizations worldwide. We monitor over 200 signals about various aspects of cybersecurity, including network security, endpoint security, patching cadence, and others. Our data-driven scoring system uses machine learning to assess and quantify an organization’s cybersecurity risk.

To assess global cyber hygiene, we analyzed the cybersecurity scores across 6.3 million organizations situated in 189 countries located in 17 geographic regions around the world. We combined this data with 2022 GDP per capita economic data published by the IMF. Regional cybersecurity hygiene scores and GDP per capita were calculated using the means of the associated country hygiene scores and GDP per capita data.

The result? A revealing look into the world's cyber risk landscape. A summary of the data is presented below, with tallies of the number of countries and organizations contributing to each region's cyber hygiene score.

Cyber hygiene by global regions.
Cyber hygiene by global regions. Image: SecurityScorecard

There is a strong correlation between a region’s cybersecurity hygiene and its per capita GDP, as reflected in the diagram below. Overall, regions with higher per capita GDP tend to exhibit better cybersecurity hygiene and lower cyber risk – namely, Northern Europe, Western Europe, and Central Europe. It stands to reason that wealthier economies are better equipped with more resources to invest in resilient and safe infrastructure and to implement and maintain active security programs to combat the ever-evolving nature of cyber threats.

High GDP regions tend to display better cyber preparedness …
High GDP regions tend to display better cyber preparedness … Image: SecurityScorecard

The research also illustrates (below) that – on the whole – the countries with higher GDP per capita are more frequently the targets of major threat actor groups.

… but also more cyberattacks.
… but also more cyberattacks. Image: SecurityScorecard

Metrics that matter

While this research certainly highlights countries with strong cyber hygiene, it’s just as critical to highlight a cyber-resilient path forward for countries and regions with lower cyber hygiene scores.

Our joint research with the Cyentia Institute found that 98% of organizations have a relationship with at least one-third party that has experienced a breach in the last two years. Armed with this information, organizations are keenly aware that they can no longer rely on static analyses of their cybersecurity environments. Instead, they must continuously assess cybersecurity risk – including across their entire supply chain and vendor ecosystem – and produce quantitative metrics to measure that dynamic risk in a standardized, actionable way.

Increasingly, security ratings are becoming the best way to measure this risk. Just as a poor credit rating is associated with a greater probability of default, a poor security rating is associated with a higher probability of sustaining a data breach or other adverse cyber event.

While a high-security rating does not make an organization completely immune from cyber risk, it significantly lowers the chances of a breach. By offering an "outside-in" view of an organization's cybersecurity posture, organisations can see what a hacker sees. This identifies weaknesses not only in an organization's own cyber environment but illuminates risk throughout its supply chain as well while offering all stakeholders a common language with which to communicate cyber risk.

Strong cyber hygiene starts at the top

Strong cybersecurity hygiene is imperative when protecting critical infrastructure, including water, transportation, healthcare, energy and financial services. Cyberattacks on these vital parts of society can damage economies, disrupt essential services and adversely impact a country’s financial standing.

One vital thing to remember is that strong cybersecurity starts from the top; therefore, governments with robust cybersecurity measures serve as an example for industry groups, organizations, and businesses throughout their economies. This affects not only one nation but the surrounding regions as well. Enhancing resilience regionally and globally is vital to Davos's overall 'Rebuilding Trust' theme for this year.


How is the Forum tackling global cybersecurity challenges?

SecurityScorecard is committed to fostering a collective cyber resilience and information-sharing culture that enhance global competitiveness, encourage economic growth, reduce cyberattacks and increase stability. Together, we can all make the world safer.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityForum Institutional
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum