Countries around the world are improving their cybersecurity efforts, but stronger actions are needed to address evolving cyber threats, according to the Global Cybersecurity Index 2024, published by the International Telecommunication Union (ITU). On average, they are reported to have taken more measures related to cybersecurity and improved their cybersecurity commitments since the last index published in 2021.
Alarming threats highlighted in the report include ransomware attacks targeting government agencies and other sectors, breaches affecting key industries, costly system outages and privacy breaches for individuals and organizations. “Building trust in the digital world is of the utmost importance,” said Doreen Bogdan-Martin, Secretary General of the ITU. “The progress we are seeing in the Global Cyber​​​​Security Index is a sign that we must continue to focus our efforts to ensure that everyone, everywhere, can safely and reliably manage cyber threats in the digital landscape always more complex.”
The ITU’s Global Cyber ​​​​Security Index 2024 (GCI 2024) assesses national efforts in five pillars that represent a country’s commitments to cybersecurity: legal, technical, organizational, capacity building and cooperative. The GCI 2024 also uses a new five-level analysis, a change that allows a greater focus on each country’s progress in cybersecurity commitments and the corresponding impacts. The report places 46 countries in Tier 1, the highest of five levels, reserved for “exemplary” countries that demonstrate a strong commitment to all five pillars of cybersecurity.
Greece is among the leading countries
According to data for Greece, the country shows significant performance in several areas related to cyber security. In particular, it is classified in Level 1, which includes countries that act as models in the field of cyber security. The areas where the country seems to have relative strength are legal regulations, technical measures and organizational measures.
In the area of ​​legal measures, Greece scores a maximum of 20 points, while in technical measures it performs equally well, also obtaining 20 points. In terms of organizational measures, Greece’s score reaches 19.22 points, which shows that the country has a strong infrastructure and policies that support cyber security.
Despite the high performance in the above areas, there is room for improvement in the areas of capacity building and cooperation. In the area of ​​capacity building, the country scored 17.89 points, which shows that more efforts are needed to strengthen the skills and resources needed for cybersecurity. However, on cooperation measures, it is high, receiving 20 points, which indicates its strong cooperation at the international level to counter cyber threats.
In general, Greece is among the first countries in the world in the field of cyber security, as a model for other countries. Despite its already strong position, there is room for further improvement, especially in the area of ​​capacity building, which could further strengthen the country’s cybersecurity and resilience.
Regional challenges and opportunities
Most countries are in the “established” (Level 3) or “developing” (Level 4) stage when it comes to cybersecurity. The 105 countries in these levels have largely expanded services and digital connectivity, but still need to integrate cybersecurity measures. A “cyber capability gap,” characterized by limitations in skills, personnel, equipment, and funding, is evident in many countries and regional groups.
“The Global Cyber ​​​​​​Security Index 2024 shows significant improvements by countries implementing substantive legal measures, plans, capacity-building initiatives and cooperation frameworks, particularly in strengthening incident response capabilities,” said Cosmas Luckyson Zavazava, Director of the ITU Telecommunications Development Office. . “The ITU’s cybersecurity projects and programs support these national efforts to more effectively manage cyber threats, and I hope that the progress shown by this indicator will encourage countries to do more to develop secure and reliable digital systems and networks “.
According to GCI 2024, the region of Africa has made the most progress in cyber security by 2021. All regions of the world show improvement since the last report. The world’s least developed countries (LDCs) have also started to gain, although they still need support to go further and faster. GCI 2024 data shows that the average LDC has now reached the same level of cybersecurity as many non-LDC developing countries had in 2021. Landlocked developing countries (LLDCs) and small states developing countries (SIDS) continue to face resource and capacity constraints. in its cyber security efforts.
GCI 2024 includes assessments and provides a clear status report and roadmap of activities for further progress in cybersecurity. Other key findings of the report show that legal measures are the strongest pillar of cybersecurity for most countries: 177 countries have at least one personal data protection, privacy protection or breach notification regulation in place or in course. Cyber ​​incident response teams (CIRTs) are critical to national cyber security: 139 countries have active CIRTs, of varying levels of sophistication, up from 109 in the 2021 index.
National Cyber ​​Security Strategies (NCS) have become more widespread: 132 countries have a National Cyber ​​Security Strategy for 2024, up from 107 in the 2021 index, cyber security awareness campaigns are widespread, with 152 countries having implemented cyber security. public security awareness initiatives, with some even targeting specific demographic groups, such as vulnerable and underrepresented populations, to create a cybersecurity culture and address potential risks.
Incentives for the cybersecurity industry continue to evolve as governments promote the sector through incentives, grants and scholarships aimed at enhancing cybersecurity skills and promoting research, with 127 countries reporting some form of research and development related to cyber security. Many countries cooperate on cybersecurity through existing treaties: 92% of countries (166) said they participate in an international treaty or similar cooperation mechanism to develop cybersecurity capabilities or share information, or both.
Practical implementation of cybersecurity agreements and frameworks remains a challenge. Capacity building and technical pillars are relatively weak in most countries. 123 countries reported offering training for cybersecurity professionals, up from 105 in 2021. Additionally, 110 countries had frameworks to implement national or internationally recognized cybersecurity standards, up from 103 in 2021. Meanwhile, 153 countries have integrated cybersecurity in some national curricula. , although training and awareness vary considerably between regions.
As highlighted, the development of a strong domestic cyber security industry is essential to sustain progress. Countries should focus on protecting children online, as 164 countries have enacted legal measures to protect them, but only 94 countries have reported relevant strategies and initiatives, showing a gap in implementation.
The performance of European countries
According to the Global Cybersecurity Index (GCI) table of how countries in Europe are performing, countries are classified into five levels, which reflect each country’s level of maturity and commitment to cybersecurity.
In Level 1 (T1), which represents the countries that act as “models” (Role-modelling), the countries with the strongest commitment and implementation in the pillars of cyber security are included. This category includes countries such as Belgium, Greece, France, Germany, Iceland, the United Kingdom, and many others that stand out for their legal, technical, organizational and cooperative structures in the field of cybersecurity.
In Level 2 (T2), which concerns “advanced” countries, countries such as Albania, Austria, Hungary, Romania, Poland and others are classified. These countries have significantly developed their capabilities, but still have room for further progress in specific areas of cybersecurity.
Tier 3 (T3), described as (Establishment), includes countries such as Bulgaria, Latvia, Ukraine and others. These countries are in the phase of building their basic cyber security infrastructure and strategies.
Tier 4 (T4), which represents developing countries, includes countries such as Bosnia and Herzegovina, Liechtenstein and San Marino. These countries have made progress, but they still need substantial reinforcement of their efforts.
Finally, at Level 5 (T5), which concerns countries that are in the “Building” phase, is the Vatican, which has just begun to develop its cyber security strategies.
11 recommendations to strengthen cyber security
The report offers 11 key recommendations, from strengthening critical infrastructure to providing cybersecurity training. GCI 2024 suggests that countries can prioritize high-impact activities, including implementing legal measures that apply across the board, developing and regularly updating a comprehensive national cybersecurity strategy and practical action plan and concretely, strengthening incident response capabilities, providing capacity building and training for cyber security professionals, young people and vulnerable groups to strengthen cyber security skills, promoting cooperation domestic and international in information sharing, training opportunities and capacity building.