1. Estonia
2. France
3. Germany
4. Slovakia
5. Singapore
6. Finland
7. Lithuania
8. Spain
9. United Kingdom
10. Czech Republic

Data about Mali and Republic of Korea now available

Data on the cyber security situation of Mali and the Republic of Korea is now available in the index.

Mali is currently ranked 84th, with the highest score in the field of personal data protection, and a good result in the capacity of e-identification and trust services. The data for Mali was gathered through public data collection.

The Republic of Korea enters the index in 53rd place, also with a perfect score in personal data protection, but with good results in the capacities of fight against cybercrime, education and professional development, cyber crisis management, and cyber incidents response. The data for the Republic of Korea was also gathered through public data collection.

All data was checked by NCSI experts and is now published on the NCSI website at http://ncsi.ega.ee/ncsi-index/.

Guyana and Cameroon added to the index

Data on the cyber security situation of Guyana and Cameroon is now available in the index.

Guyana enters the index in 96th place, with positive scores in three capacities: contribution to global cyber security, cyber incidents response, and fight against cybercrime. The data about Guyana was collected from different public authorities under the coordination of the National Data Management Authority.

Cameroon enters the index in 80th place, performing well in the areas of cyber security policy development, protection of digital services and cyber incidents response. The data for Suriname was gathered through public data collection.

All data was checked by NCSI experts and is now published on the NCSI website at http://ncsi.ega.ee/ncsi-index/.

NCSI includes 100 countries' profiles, new website launched

The National Cyber Security Index has reached a milestone by having published information about the cyber security situation of 100 countries all over the world.

The information is continuously updated as information about new legislation, units, events, etc. is submitted to the NCSI team, but the current top 10 is the following (with NCSI scores in brackets):

  1. France (83.12)
  2. Germany (83.12)
  3. Estonia (81.82)
  4. Slovakia (80.52)
  5. Finland (79.22)
  6. Lithuania (77.92)
  7. Spain (77.92)
  8. United Kingdom (75.32)
  9. Switzerland (75.32)
  10. Czech Republic (74.03)

The new NCSI website allows filtering the ranking list by geographic regions and by membership in international and regional organisations such as NATO, EU, ASEAN, Arab League, etc. Please see the upper left corner of the front page for the filtering option.

The index includes 27 Asian countries, where the top performers are Malaysia (72.73), Japan (66.23), and Qatar (57.14).

Highest ranked countries from the Americas are the United States (64.94), Canada (57.14), and Peru (38.96).

Out of 18 African countries represented in NCSI, the top 3 is comprised of Mauritius (46.75), Nigeria (44.16) and Benin (41.56).

Another feature of the new website is that it is possible to compare the profiles of any two more countries against each other. To select a country's dataset for comparison, please go to any country page, find the "NCSI update" section and click on the blue plus sign that appears after the date.

Should you have any questions or comments regarding the index or the new website, please contact us at ncsi@ega.ee. Please use the same address if you are able to provide information about a country that is not yet in the index or complete information about any country that is already included.



Estonia ranks 3rd in the index

Updated data about Estonia is now available in the index, after the parliament passed the new Cybersecurity Act. Estonia currently ranks third after France and Germany, reaching maximum scores in the following six capacities: cyber threat analysis and information, contribution to global cyber security, protection of digital services, protection of personal data, cyber incidents response 24/7, and cyber crisis management.

The data collection was coordinated by Karoliina Ainge from the Estonian Ministry of Economic Affairs and Communications.

Slovakia takes first place in index

Eight new countries have recently joined the index. This also includes the new index leader - Slovakia - who have put significant efforts into developing their cyber security capacities over the past few years. Slovakia achieved the maximum score in an impressive 7 of the 12 capacities and takes a slight lead over Germany. The provision of information was coordinated by Mr Rastislav Janota, Chairman of the Cybersecurity Committee at the National Security Authority of the Slovak Republic.

Other new countries in the index include Sweden (rank 15), who got maximum points for their capacity to provide cyber security education and protection of personal data, Greece (rank 26), Argentina (rank 34), Cyprus (rank 38), Cote d'Ivoire (rank 46), Indonesia (rank 51), and Bhutan (rank 57). Mr Nestoras Chouliaras from the National Cyber Security Authority of Greece was the contact person for Greece, data about other countries was acquired by the NCSI team though data collection from public sources.

The index now includes information about 63 countries. The full table can be consulted at http://ncsi.ega.ee/ncsi-index.

NCSI included in ITU Index of Cybersecurity Indices 2017

The International Telecommunication Union (ITU) has published an overview of existing cybersecurity indices. The index of indices is a non-exhaustive list of outstanding surveys, indices and publications from private and public organisations. The National Cyber Security Index developed by the e-Governance Academy is also featured in the index (see page 5 and 7). The publication can be consulted at https://www.itu.int/en/ITU-D/Cybersecurity/Documents/2017_Index_of_Indices.pdf.  

Many new countries in the index

Some 13 new countries have made their first appearance in the index over the last six weeks.

New countries in the NCSI index include:

  • Hungary (rank 12)
  • Singapore (14-17)
  • Qatar (14-17)
  • Mauritius (25)
  • Benin (27)
  • Tunisia (32)
  • Egypt (33-35)
  • Uganda (38)
  • Ghana (41-42)
  • Saudi Arabia (41-42)
  • Senegal (44)
  • Madagascar (52)
  • Kiribati (53-54)

The NCSI team would like to thank the national contact points who helped us gather and review the information.

Information about Qatar was provided by Mr Hamid Sadiq, Director of Q-CERT. From Mauritius our contact person was Dr. Rooba. Y. Moorghen, Permanent Secretary at the Ministry of Technology, Communication and Innovation. The team providing information about Benin was led by Mr Ouanilo Medegan Fagla, Technical Advisor to the Presidency in the Bureau of Analysis and Investigation. The contact person for Tunisia was Mr Naoufel Frikha, Director General of the National Agency for Computer Security. Information about the cyber security situation in Egypt was submitted by Mr Sherif Hashem, Vice President for Cybersecurity at the National Telecom Regulatory Authority. The contact person from Kiribati was Mr Wayne Reiher, Director of ICT at the Ministry of Information, Communication, Transport and Tourism Development. Thank you all for your valuable contributions!

The index currently has information about 54 countries, but we are working towards the aim of reaching 100 countries by May 2018. The cyber security data about more than 30 countries is currently being checked and many further countries are filling in questionnaires. If your country's information is still missing in the index or should be updated, please contact us at ncsi@ega.ee.

NCSI methodology 2.0 launched

We have launched the second version of the NCSI methodology. The essence of the index has not changed - it still measures countries' cyber security situation through 12 strategic capacities, creating a global database providing links and documents about national cyber security. However, instead of 60 indicators we have limited the index to 46 indicators, which are grouped into 12 strategic capacities and further into three categories.


  • Cyber security policies
  • Capacity to analyse national-level cyber threats
  • Capacity to provide cyber security education
  • Contribution to international cyber security


  • Protection of digital services
  • Protection of essential services
  • E-identification and trust services
  • Protection of personal data


  • Detecting and responding to cyber incidents 24/7
  • Crisis management
  • Fight against cybercrime
  • Military cyber operations

For the full methodology, please consult