Introduction to Global Cybersecurity Index
The information and communication technologies (ICT) networks, devices and services are increasingly
critical for day-to-day life. In 2016, almost half the world used the Internet (3.5 billion users) and according to one estimate, there will be over 12 billion machine-to-machine devices connected to the Internet by 2020. Yet, just as in the real world, the cyber world is exposed to a variety of security threats that can cause immense damage.
Statistics on threats to computer networks are sobering and reflect a shift from the relatively innocuous spam of yesteryear to threats that are more malicious. A security company tracking incidents in 2016 found that malicious emails became a weapon of choice for a wide range of cyberattacks during the year used by everyone from state-sponsored cyberespionage groups to mass-mailing ransomware gangs. One in-131 emails sent were malicious, the highest rate in five years. Ransomware continues to plague businesses and consumers, with indiscriminate campaigns pushing out massive volumes of malicious emails. In some cases, organizations can be overwhelmed by the sheer volume of ransomware-laden emails they receive. Attackers are demanding more and more from victims with the average ransom demand in 2016 rising to USD 1 077, up from USD 294 a year earlier. The scale of cybercrime makes it critical for governments to have a robust cybersecurity ecosystem in place to reduce threats and enhance confidence in using electronic communications and services.
It is therefore clear that there is a direct cause-effect principle between the growth of ICTs and their illicit and malicious use. To counter this effect, cybersecurity is becoming more and more relevant in the minds of countries’ decision-makers, and cybersecurity-related doctrines have been established in almost all countries in the world.
However, there is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities, and programmes to ensure safe and appropriate use of ICTs as enablers for economic development.
In this context, ITU, together with international partners from private-public and private sector as well
as academia, has established the GCI with the key objective of building capacity at the national, regional
and international level, through assessing the level of engagement of countries on cybersecurity, and,
with the data gathered, producing a list of good practices that can be used by countries in need.
The Global Cybersecurity Index (GCI) is included under ITU Plenipotentiary Resolution 130 (Rev. Dubai, 2018) on strengthening the role of ITU in building confidence and security in the use of information and communication technologies. Specifically, Member States are invited “to support ITU initiatives on cybersecurity, including the Global Cybersecurity Index (GCI), to promote government strategies and the sharing of information on efforts across industries and sectors”. The ultimate goal is to foster a global culture of cybersecurity and its integration at the core of information and communication technologies.