Two ASEAN nations, Singapore and Malaysia recently made the top three of the Global Cybersecurity Index (GCI) 2017 ahead of over 190 nations worldwide including the likes of Australia, France, Germany and Canada. The GCI was first launched in 2014 to measure the commitment and progress of all the International Telecommunication Union (ITU) member states towards cybersecurity and promote a global culture of cybersecurity.
193 ITU member states were evaluated based on the five pillars of the global cybersecurity agenda (GCA), namely legal, technical, organisational, capacity building and cooperation. Each pillar was then further divided into sub-pillars to further refine the findings. Based on those requisites, here are the top 10 most committed countries, according to the GCI report.
Both Singapore and Malaysia were lauded for the role that their government entities, Cyber Security Agency of Singapore and CyberSecurity Malaysia, have played in overseeing the programs, policies as well as issues concerning information security in their respective countries.
But whilst the governments of both countries have been stepping up the efforts to make cybersecurity a higher priority in recent years, the index does not necessarily reflect the state of cybersecurity preparedness. Based on various studies, such as the Quann IT Security End User Study 2017 or a few that we ourselves have conducted here at DSA, quite a significant number of companies in Singapore and Malaysia lack the necessary awareness and resources to defend against advanced cyber threats. Therefore, a high GCI ranking is certainly no cause for complacency by any means.
The 2017 edition marks the second iteration of the GCI, and whilst there is an improvement and strengthening of the global cybersecurity agenda overall, the report stated that there’s still considerable space for improvement as there exists a discernible gap in the level of cybersecurity engagement between different regions.
On the ASEAN front, the following table shows how all the Southeast Asian nations fared compared to the inaugural iteration of the GCI. However, do note that GCI 2014 and GCI 2017 are not directly comparable due to a change in methodology.
The report findings indicate that for many countries, cybersecurity related commitments are not equally distributed, with countries doing well in some pillars and not others. But in order for it to be most effective, cybersecurity needs to be an ecosystem whereby all five pillars are developed and nurtured simultaneously. The commitment must also come from the private sector and consumers alike. It’s important to develop a culture where citizens are not only tech-savvy, but security-savvy as well.