Cyber risk literacy should be part of every defensive strategy
While almost 95 percent of cybersecurity issues can be traced back to human error, such as accidentally clicking on a malicious link, most governments have not invested enough to educate their citizens about the risks, according to a report from the Oliver Wyman Forum.
Cyber risk literacy of the population
Cyber literacy, along with financial literacy, is a new 21st century priority for governments, educational institutions, and businesses.
“Cyberattacks are now one of the fastest growing crimes globally and are expected to cost organizations more than $600 billion dollars a year by 2021,” said Paul Mee of the Oliver Wyman Forum.
“The situation has become even more pressing during the pandemic as our reliance on the internet has grown. Yet many citizens still lack the basic skills to keep themselves, their communities, and their employers safe.”
50 geographies were assessed, including the European Union, on the present cyber risk literacy of its population, and the nature of related education and training available to promote and enable future cyber risk literacy.
Specifically, the Index measures five key drivers of cyber risk literacy and education: the public’s motivation to practice good cybersecurity hygiene; government policies to improve cyber literacy; how well cyber risks are addressed by education systems; how well businesses are raising their employees cyber skills, and the degree to which digital access and skills are shared broadly within the population.
How are assessed countries doing?
Switzerland, Singapore and the UK topped the list because of their strong government policies, education systems and training, practical follow through and metrics as well as population motivation to reduce risk.
Switzerland, the number one ranked country, has a comprehensive implementation document that lays out specific responsibilities along with what national or provincial legislation is required. Specific milestones are set, and timelines are assigned to ensure accountability regardless of who oversees the government.
Singapore, which is ranked second, has prioritized cybersecurity education efforts from early childhood to retirees. It established the Cyber Security Agency of Singapore to keep its cyberspace safe and secure. Its cyber wellness courses occur over multiple grades and focus on social and practical safety tips such as understanding cyber bullying.
The UK ranked third, has the most integrated cyber system because it incorporates cyber risk into both primary and secondary education. The UK’s National Cyber Security Strategy of 2016-2021 is also one of the strongest plans globally. The US ranked 10th.
Countries that rank lower lack an overall national strategy and fail to emphasize cyber risk in schools. Some countries in emerging markets are only beginning to identify cybersecurity as a national concern.
“Governments that want to improve the cyber risk literacy of their citizens can use the index to strengthen their strategy by way of adopting new mindsets, trainings, messaging, accessibility and best practices,” Mee added. “With most children using the internet by the age of four, it is never too early to start teaching your citizens to protect themselves.”