Countries around the globe are improving cybersecurity efforts, but stronger actions are needed to meet evolving cyberthreats, according to ITU’s Global Cybersecurity Index 2024. On average, countries have taken more cybersecurity-related actions and improved their cybersecurity commitments since the last index released in 2021.
“Building trust in the digital world is paramount," said Doreen Bogdan-Martin, ITU Secretary-General. “The progress seen in the Global Cybersecurity Index is a sign that we must continue to focus efforts to ensure that everyone, everywhere, can safely and securely manage cyberthreats in today's increasingly complex digital landscape."
Arab States’ Assessment
The ITU's Global Cybersecurity Index 2024 (GCI 2024) assesses national efforts across five pillars, representing country-level cybersecurity commitments: legal, technical, organizational, capacity development, and cooperation.
The GCI 2024 also refers to a new five-tier analysis, a shift that allows a greater focus on each country's advances in its individual cybersecurity commitments and consequential impacts.
Tier 1, the highest of the five tiers, is reserved for “role modelling" countries which demonstrate a strong commitment to all five cybersecurity pillars. This is followed by “advancing” (Tier 2), “establishing" (Tier 3), “evolving" (Tier 4), and “building” (Tier 5) countries.
- Tier 1 – Role Modelling
Out of the 46 countries in Tier 1, 8 countries from the Arab States were included. Egypt, Qatar, Saudi Arabia, and the United Arab Emirates excelled in all pillars.
According to the latest report from the National Cybersecurity Authority (NCA), Saudi Arabia’s cybersecurity market has experienced significant growth, reaching SAR 13.3 billion (USD 3.5 billion). Notably, among the Kingdom’s 19,600 cybersecurity professionals, women account for 32%, emphasizing the country’s ongoing efforts to bridge the gender gap in technology.
Based on a Censuswide survey, 94% of organizations in Saudi Arabia plan to increase their investment in artificial intelligence (AI) technology to enhance cybersecurity. For example, by incorporating emerging AI technologies, Salam aims to automate routine tasks, reduce manual errors, and enhance overall operational efficiency.
On the other hand, the 2024 Cybersecurity Readiness Index revealed that 91% of surveyed companies in the UAE are already incorporating AI into their security measures, particularly in areas such as threat detection, response, and recovery.
ITU-ARCC and Huawei are also promoting cybersecurity knowledge transfer, sharing best practices, and building up capacity in the Arab world.
During GISEC 2024, du, together with the ITU and the UAE Cybersecurity Council, launched the Global CyberDrill, with the aim of bringing together players from around the world to foster global cooperation and partnership in mitigating cyber threats.
To enhance Dubai’s digital infrastructure and strengthen the Emirate’s digital economy, the Dubai Cyber Security Strategy is designed to meet future needs and enhance digital defense capabilities by nurturing talent and fostering strategic partnerships.
Cybersecurity is a known cross-border field, asserting the need to cooperate with different countries. Dr. Ahmed Abdel-Hafez, VP for Cybersecurity Affairs at the NTRA Egypt, said that they ensure effective communication and information sharing between entities in Egypt and between nations. These include being a member of agencies like FIRST and OIC-CERT as well as maintaining bilateral agreements with Oman and Jordan, among others.
Bahrain, Jordan, Morocco, and Oman have also ranked high across all pillars. Notably, Oman is the host of the first ITU Cybersecurity Center (since 2013), which offers services to the 193 member states of the ITU.
In an exclusive interview with Telecom Review, Eng. Badar Al Salehi, Director-General, Oman National CERT, shed light on how they support public and private institutions by helping them improve their security measures. He also discussed the various ways companies can strengthen their cybersecurity and highlighted ongoing initiatives aimed at building a robust cybersecurity infrastructure in the region.
As part of the “Cyber Oman” program, Omantel hosted the UK Oman Digital Hub pilot program to provide Omantel Innovation Labs startups with access to advanced sessions on cyber security awareness, while also focusing on protecting against supply chain risks.
- Tiers 3, 4, and 5
Among the Tier 3 countries are Algeria, Kuwait, Libya, and Tunisia, all of which boast varying scores in legal, cooperation, technical and capacity development measures.
The majority of the Arab States fall within the Tier 4 segment, exhibiting largely expanded digital services and connectivity, and demonstrating a need to integrate cybersecurity measures. These include Comoros, Djibouti, Mauritania, Palestine, Syria, Iraq, Lebanon, Somalia, and Sudan.
Yemen’s score highlights that it needs to work on all five cybersecurity pillars, together with Afghanistan, Korea, the Maldives, Micronesia, and the Vatican, among others.
Key Cybersecurity Findings
Amidst the progress, a "cybercapacity gap"—characterized by limitations in skills, staffing, equipment and funding—was evident in many countries and across all regional groups.
"The Global Cybersecurity Index 2024 shows significant improvements by countries that are implementing essential legal measures, plans, capacity-building initiatives, and cooperation frameworks, especially in strengthening incident response capabilities," said Cosmas Luckyson Zavazava, Director of ITU's Telecommunication Development Bureau.
Legal measures emerged as the strongest cybersecurity pillar, with 177 countries having at least one regulation on either personal data protection, privacy protection, or breach notification in place or in progress.
Globally, countries are employing Computer Incident Response Teams (CIRTs), who work in line with their National Cybersecurity Strategies (NCS).
To build a culture of cybersecurity and address its potential risks, governments are promoting the cybersecurity industry through incentives, grants, and scholarships. These efforts aim to enhance cybersecurity skills and foster research in the field.
92% of countries are now part of an international treaty or comparable cooperation mechanism for cybersecurity capacity development, information sharing, or both. Nevertheless, putting cybersecurity agreements and frameworks into practical operation remains challenging.
To enhance capacity development and technical pillars, most countries are training cybersecurity professionals and have developed frameworks that will be either be implemented regionally or will be internationally recognized as an ergonomic-like cybersecurity standard.
Moreover, countries must focus more on protecting children online. Despite 164 countries having legal measures in place for child online protection, only 94 countries have actively executed the associated strategies and initiatives, indicating a gap in implementation.
Read More:
Cybersecurity Dominates Industrial Network Priorities in Cisco’s New Report
MECA Telecom Stakeholders Discuss ICT Policy and Cybersecurity Standards at MWC24
AI's Watchful Eye: Safeguarding Cybersecurity in the Generative Era