103. Malawi 27.27

103rd National Cyber Security Index
97th Global Cybersecurity Index
167th ICT Development Index
127th Networked Readiness Index
Population 16.8 million
Area (km2) 118.5 thousand
GDP per capita ($) 1.2 thousand
NCSI update: 21 Oct 2021
Data source: Public data collection

Version 21 Oct 2021

GENERAL CYBER SECURITY INDICATORS
BASELINE CYBER SECURITY INDICATORS
  • 5. Protection of digital services 4/5 80%
    • 5.1. Cyber security responsibility for digital service providers 0/1
      Requirements
      Criteria

      According to legislation, digital service providers (except micro and small enterprises): (1) must manage cyber/ICT risks or (2) must implement established cyber/information security requirements.

      Accepted references

      Legal act

      Evidence
    • 5.2. Cyber security standard for the public sector 1/1
      Requirements
      Criteria

      Public sector digital service providers must implement (1) cyber/ICT security requirements (defined by legislation) or (2) a widely recognised security standard.

      Accepted references

      Legal act

    • 5.3. Competent supervisory authority 3/3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise public and private digital service providers regarding the implementation of cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence

      70. (1) A cyber inspector shall have the following powers and functions: (a) to monitor and inspect any website database with critical data or activity on an information system in the public domain and report any unlawful activity to the Authority

  • 6. Protection of essential services 0/6 0%
    • 6.1. Operators of essential services are identified 0/1
      Requirements
      Criteria

      There is a legal act that allows operators of essential services to be identified.

      Accepted references

      Legal act

      Evidence
    • 6.2. Cyber security requirements for operators of essential services 0/1
      Requirements
      Criteria

      According to the legislation, operators of essential services must manage cyber/ICT risks.

      Accepted references

      Legal act

      Evidence
    • 6.3. Competent supervisory authority 0/3
      Requirements
      Criteria

      The government has a competent authority in the field of cyber/information security that has the power to supervise operators of essential services, regarding cyber/information security requirements.

      Accepted references

      Official website or legal act

      Evidence
    • 6.4. Regular monitoring of security measures 0/1
      Requirements
      Criteria

      Operators of essential services must regularly (at least once every 3 years) provide evidence of the effective implementation of cyber/information security policies (e.g. audit result, documentation, specific report).

      Accepted references

      Legal act

      Evidence
  • 7. E-identification and trust services 6/9 67%
    • 7.1. Unique persistent identifier 1/1
      Requirements
      Criteria

      The government provides a unique persistent identifier to all citizens, residents, and legal entities. For example, the identifier remains the same after document expiration and name change.

      Accepted references

      Legal act

      Evidence

      A unique National Identity number is assigned and a National Identity Card is then issued to each person, which allows them to prove their identity and information. A person’s National ID number then identifies and links them across many systems

    • 7.2. Requirements for cryptosystems 0/1
      Requirements
      Criteria

      Requirements for cryptosystems in the field of trust services are regulated.

      Accepted references

      Legal act

      Evidence
    • 7.3. Electronic identification 1/1
      Requirements
      Criteria

      Electronic identification is regulated.

      Accepted references

      Legal act

      Evidence

      8. (2) An electronic signature shall be authentic if: (a) the means of creating the electronic signature is, within the context in which it is used, linked to the signatory and not any other person

    • 7.4. Electronic signature 1/1
      Requirements
      Criteria

      E-signature is regulated.

      Accepted references

      Legal act

      Evidence

      Articles 8 - 13 of the Electronic Transactions and Cyber Security Act, 2016

    • 7.5. Timestamping 0/1
      Requirements
      Criteria

      Timestamping is regulated.

      Accepted references

      Legal act

      Evidence
    • 7.6. Electronic registered delivery service 0/1
      Requirements
      Criteria

      Electronic registered delivery service between state entities, citizens and private sector entities is regulated. The service provides legally binding data exchange and guarantees the confidentiality and integrity of information.

      Accepted references

      Legal act

      Evidence
    • 7.7. Competent supervisory authority 3/3
      Requirements
      Criteria

      There is an authority responsible for the supervision of qualified trust service providers.

      Accepted references

      Official website or legal act

      Evidence

      5. Unless otherwise provided in this Act, the Authority (Malawi Communications Regulatory Authority) shall be responsible for the implementation of this Act.

      12 (2) The Authority may, by notice published in the Gazette, approve digital signatures, certification authorities offering digital certificates, or authentication of a foreign information security service provider, for use by the public.

      12 (3) The Authority shall ensure that digital certificates comply with international best practices and standards.

      51. (1) The Authority shall accredit certification authorities.

      51. (2) The Minister shall, from time to time issue certification authorities accreditation regulations in consultation with the Authority which may include: (a) application procedures accreditation; (b) applicable fees; (c) terms and conditions for accreditation; (d) standards to be maintained by accreditation authorities; (e) any other terms deemed necessary. (3) The authority shall: (a) keep and maintain a register of certification authorities; and (b) do such things as necessary for the implementation of this Act.

      70. (1) A cyber inspector shall have the following powers and functions:
      (a) to monitor and inspect any website database with critical data or activity on an information system in the public domain and report any unlawful activity to the Authority
      (b) (i) to investigate the activities of suppliers of encryption and of encryption service providers in relation to compliance with this Act

  • 8. Protection of personal data 1/4 25%
INCIDENT AND CRISIS MANAGEMENT INDICATORS
Information Disclaimer

The information provided on the NCSI website is based on publicly available evidence materials. The appearance in the index and subsequent ranking is commensurate to the existence and public availability of such information. The NCSI links to third party websites and information. The NCSI and eGA are not responsible for the accuracy or completeness of third party website information.