Cybersecurity frequently makes the headlines and has featured in the U.S. election — yet many people lack the basic skills to keep themselves, their communities and their workplaces safe from cyberattack. And most governments lack a clear understanding of how to overcome these knowledge gaps.
The cost of the problem is becoming exorbitant. The World Economic Forum ranks cyberattacks as thesecond most concerning risk在未来十年内全球开展业务。Covid-19大流行增加了通过加速数字技术的传播来增加威胁网络内的威胁，给予糟糕的演员，有机会瞄准几百万人在家中工作的。Ransomware attacksjumped by 20% in the first half of 2020, while the cost of cybercrime continues to climb and was estimated to be全球6000亿美元— or nearly one percent of world GDP — in 2018.
Missing a Crucial Vulnerability: People
An estimated 95% of cyber incidents can be traced tohuman error, such as failing to use secure passwords, falling for a phishing scam by opening emails from unknown addresses or exchanging data without due care. To address this pressing need, the Oliver Wyman Forum has launched its网络风险识字与教育指数. As the world rapidly becomes more digitized, governments and business are relying more and more on individuals to protect themselves and others. This phenomenon demands that people are sufficiently aware of growing cyber threats and practice good digital hygiene to thwart such threats.
In essence, universal cyber literacy will be as much of a foundation of the prosperity and security of nations in the 21st century as the ability to read and write was in the 20th century.
What Constitutes Cyber Risk Literacy?
In building our index, we identified five key drivers of cyber risk literacy:
- The public’s motivation to practice good cybersecurity hygiene;
- How well businesses are raising their employees’ cyber skills,
- And the degree to which digital access and skills are shared broadly within the population.
We take a broad approach because cybersecurity should involve everyone, from governments to businesses to individuals. So where does excellence lie? The countries that rank at the top of our inaugural index of cyber literacy and education are Switzerland, followed by Singapore, the United Kingdom, Australia and the Netherlands. They stand out for having specific government policies and metrics of success for cyber literacy, robust education systems that emphasize quantitative skills and cybersecurity instruction and employers who take cyber risk and literacy seriously.
The complete ranking covers 50 geographies, including the European Union, that collectively account for nearly 90% of the world’s economic output.
A Manual for Developing a Cyber Savvy Population
排名通常很好阅读 - 谁不想知道谁来了，谁在下来？但索引的实际价值是它如何确定良好网络素养的元素。我们衡量了32种不同的目标 - 一切都从给人们向地理位置吸引数字娴熟的人才的能力，从给予人们对政府，工业和学术界之间的网络安全的积极合作的基本理解 - 并发现哪些地理位置最能符合这些关键目标。实际上，该指数是开发网络救灾人口的用户手册。
Governments across the ranked geographies have issued cybersecurity strategies, and most of them address key literacy issues, such as educational curricula and collaboration, between the public and private sectors. But few contain a detailed action plan with dedicated resources and metrics of success.
The leaders in the ranking take their strategies to the next level. Switzerland has published an implementation plan with target milestones, Estonia provides quantitative metrics for measuring progress against its goals, and Australia provides specific funding for cyber literacy efforts rather than asking government departments to fund initiatives out of existing budgets.
A Cyber Wellness Course
Most educational systems do too little too late — failing to recognize the fact that many children today are online by the age of four. They would do well to look at geographies like Singapore, that introduced a cyber wellness course in 2014 and incorporates safety topics in multiple computer science courses, or Lithuania, that includes online safety lessons as part of its overall curriculum, including foreign language and literature courses.
We also looked at inclusivity because any cyber defense is only as strong as its weakest link. Denmark excels at providing near-universal access to digital technology and the Internet, while Ireland ranks at the top for an educational system that offers equal opportunities in rural and urban areas and across genders. It also boasts strong school completion rates.
Geographies that rank lower generally lack a thorough or truly national strategy, fail to emphasize cyber risk in school curricula, and lack measurement or tracking arrangements that demonstrate progress made and hold leaders accountable. Many, particularly in emerging markets, are only beginning to identify cybersecurity as a national concern. Plus, a low degree of technological and educational inclusivity across income, gender and urban versus rural locations can also be an issue. Some populous geographies boast high-tech hubs, but are only beginning to develop the cyber risk knowledge of their population at large.