140+ countries in the NCSI - Happy New Year 2020!

The NCSI has reached a new milestone at the end of this year. We currently display the National Cyber Security rankings, with their corresponding evidence, of more than 140 countries. In this last month, four Caribbean countries were introduced in the index, and the evidence of an additional European country was updated. 

Serbia climbed up the rankings to the 14th position. The presented evidence included: a cyber security strategy implementation plan, legislation relevant to the protection of digital services, increased response capabilities to cyber incidents, cryptosystem requirements and cyber security competencies at the primary and secondary education levels. 

The following Caricom countries debuted in the NCSI with their current rankings: Bahamas - 96th; Grenada - 118th; Saint Kitts and Nevis - 127th; and Dominica - 134th. Efforts vary from country to country, however, the common denominators are the existence of legislation regulating electronic signatures, and the participation in international military cyber exerises. 

2020 will be a year of challenges, since we will attempt to include all the remaining 50+ countries in the NCSI, and will continue updating those already in it. We would like to thank all our country contributors for their cooperation in this endeavour, and we would like to wish all of you a Happy New Year 2020!

Updated countries and new entries in the NCSI

Costa Rica and Suriname have raised in the rankings in the past weeks, as our contributors have provided new data to the index.

CSIRT – CR sent us an updated dataset, with revised information on education, protection of personal data and contribution to global efforts, in addition to detailing the existence of a cyber security policy unit. The points were awarded and Costa Rica reached the 42nd position, while staying in the Top 5 of the Americas.

Since their last update in 2017, Suriname has improved their commitment to cybersecurity. As members of the Global Forum on Cyber Expertise they maintain representation in an international cooperation format. Additionally, they possess a cyber incidents response and cybercrime unit. The respective points were awarded and Suriname achieved the 106th position in the NCSI.

Two Caribbean nations debuted in the NCSI, Saint Lucia and Saint Vincent and the Grenadines, in the 125th and 126th positions. They both present legislation that regulates electronic signatures and criminalises cybercrimes, and both are members of the ITU-IMPACT alliance. Saint Lucia goes further with personal data protection legislation and authority, while Saint Vincent and the Grenadines hosts a cyber security professional association and a cyber safety/security website.

Data on Sierra Leone published, while the United States' has been updated

Data on the cyber security situation of Sierra Leone is now available in the index, while the U.S.' dataset has been updated with the latest information.

Sierra Leone is currently ranked 129th, with a positive presence in the ITU Impact alliance. Their use of a unique persistent identifier for all citizens was also deemed a positive step to their future development in cyber security. The data was gathered through public data collection.

The United States has ranked up to the 13th place after the latest update. A more in depth review of public documentation allowed the update of some indicators and the consideration of new ones. Once more, the data was gathered through public data collection.

Data on Namibia, Papua New Guinea and Barbados published

Data on the cyber security situation on Namibia, Papua New Guinea and Barbados is now available in the index.

Barbados is currently ranked 111st, with positive scores for seven capacities, of which 'Fighting against cybercrime' obtained the highest score due to having an active cybercrime unit and criminalising such offences. The data for Barbados was gathered with the assistance of Government Officials from the Ministry of Innocation, Science and Smart Technology.

Papua New Guinea enters the index in 120th place, with positive scores for five capacities, among which they have a strong response to cyber incidents. The data for Papua New Guinea was gathered through public data collection.

Namibia enters the index in 121st place, with positive scores for four capacities, among which they have a strong presence in the educational and professional development of cyber security. The data for Namibia was also gathered through public data collection.

With the addition of these three countries, the list of nations in the NCSI has expanded to a total of 134. All data was checked by NCSI experts and is now published on the NCSI website at http://ncsi.ega.ee/ncsi-index/.

Greece claims the first place

After a data update, Greece is now ranked first in the National Cyber Security Index. The update takes into account the 2019 update to the Greek legislation on the implementation of the NIS Directive and on the existence of a cyber security policy coordination format. Greece reaches the full score in half of the 12 capacities, and high scores in the rest of them. 

The information for the update was provided by Mr. Nestoras Chouliaras from the National Cyber Security Authority.

Data about Congo DR and Belize published

Data on the cyber security situation of the Democratic Republic of Congo and Belize is now available in the index.

Congo DR is currently ranked 125th, with positive scores for two indicators: representation in international cooperation formats and participation in international cyber crisis exercises. The data for Congo DR was gathered through public data collection.

Belize enters the index in 123rd place, with positive scores for three indicators: representation in international cooperation formats, electronic signature, and criminalisation of cybercrimes. The data for Belize was also gathered through public data collection.

All data was checked by NCSI experts and is now published on the NCSI website at http://ncsi.ega.ee/ncsi-index/.

Overview of latest country updates

Over the last two months, updated datasets have been published for many countries. Below is an overview of the most important updates.

Denmark is ranked 6th in the index after significant updates provided by the Agency for Digitisation concerning protection of digital services, protection of essential services, education, and different responsible units.

Greece is ranked 11th, having had scores updated for the capacity of cyber threat analysis and information as well as for participation in an international cyber crisis exercise. The information about Greece was provided by the National Cyber Security Authority.

Argentina is up to 58th place after a data review by the Ministry of Modernization. Points were gained for indicators such as cyber security policy coordination format, ratifying the Convention on Cybercrime (Argentina joined the Budapest Convention in 2018), 24/7 point for cybercrime, etc.

Israel is in 24th place after a second public data collection update. Their capacities for cyber threat analysis and information, education and professional development, contribution to global cyber security, as well as incident and cyber crisis managament are now better reflected in the index.

Norway is currently ranked 31st. In the latest dataset we have taken into account the recent publishing of the new national cyber security strategy and its implementation plan.

Brazil gained more than 30 places and moved 51st in the ranking after an update, which added information about Brazil's cyber security capacity-building for other countries, identification of operators of essential services, fighting against cybercrime, participation in cyber crisis management exercises, etc.

NCSI version 2.1 released, changes in ranking

The NCSI team has specified the wordings of some indicator criteria, resulting in changes in the index ranking.

The changes are the following:

Indicator 5.3:

  • Previous wording: "The government has a competent authority that has the power to supervise digital service providers."
  • New wording: "The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements."

Indicator 7.2:

  • Previous wording: "Requirements for cryptosystems are regulated."
  • New wording: "Requirements for cryptosystems in the field of trust services are regulated."

Indicator 9.2:

  • The wording: "Digital service providers and operators of essential services have an obligation to notify appointed government authorities of cyber security incidents." has remained unchanged. However, we previously focused on digital service providers in the public sector, but now focus on digital service providers in both the public and the private sector.

The changes in the wording affected the scores of the following countries: Albania, Belarus, Estonia, Germany, Hungary, Kenya, Latvia, Lithuania, Luxembourg, Morocco, the Netherlands, New Zealand, Norway, Senegal, Serbia, Slovakia, Qatar, Tajikistan, the United States, and Uzbekistan

NCSI DEVELOPMENT
IS FUNDED BY