Cyber Readiness Index 2.0

Click to download

Melissa Hathaway

Chris Demchak, Jason Kerben, Jennifer McArdle, and Francesca Spidalieri 

No country is cyber ready. 


English French Spanish Chinese Arabic Russian


The Cyber Readiness Index (CRI) 2.0 team developed a ground-breaking methodology, known as the CRI 2.0, to evaluate and measure a country’s preparedness levels for certain cybersecurity risks. The team of experts apply the CRI 2.0 to provide a compelling and actionable review of a country’s policies, plans, laws, standards, market levers (e.g., incentives and regulations), and other initiatives. The resulting actionable blueprint enables a country to better understand its Internet-infrastructure dependencies and vulnerabilities and assess its commitment and maturity to closing the gap between its current cyber security posture and the national cyber capabilities needed to support its digital future.

The CRI 2.0 uses over seventy unique indicators across seven essential elements to discern operationally ready activities and identify areas for improvement in the following elements: national strategy, incident response, e-crime and law enforcement, information sharing, investment in R&D, diplomacy and trade, and defense and crisis response. Each of these essential elements, if pursued in tandem, can help a country develop a stronger security posture to defend against economic erosion from cyber insecurity. Each area of inquiry is assessed across three cyber readiness levels: fully operational, partially operational, or insufficient evidence. The results are averaged to create an overall readiness assessment per country.

The threat to each country’s networked systems and infrastructures is real and growing. Data breaches, criminal activity, service disruptions, and property destruction are becoming commonplace. The resources available to increase the resilience of a country’s infrastructure and decrease the exposure of the countries to damage, however, are finite. The CRI 2.0 offers a comprehensive, comparative, experience-based methodology to help national leaders chart a path toward a safer, more resilient digital future in a deeply cybered, competitive, and conflict- prone world.

The CRI 2.0 is available in Arabic, Chinese, English, French, Russian, and Spanish and is being applied to 125 countries. While no country is cyber ready, there are countries that have developed effective mechanisms to achieve cyber readiness/preparedness and these programs and initiatives provide examples for other countries to learn from and possibly follow. As countries connect the next one to two billion people to the Internet and embrace next generation technologies, including the Internet of Things (IoT), the CRI 2.0 is a tool that can help identify and manage cybersecurity risks. The CRI 2.0 demonstrates how national security is closely intertwined with Internet connectivity and rapid adoption of ICT, which when secure, can lead to economic growth and prosperity.

For more information or to provide data to the CRI 2.0 methodology, please contact: This email address is being protected from spambots. You need JavaScript enabled to view it.





The Potomac Institute for Policy Studies
Ballston Metro Center Office Towers
901 North Stuart Street, Suite 1200
Arlington, VA 22203
Tel 703.525.0770

Click here for map  

Our Mission

The Potomac Institute for Policy Studies is an independent, 501(c)(3), not-for-profit public policy research institute. The Institute identifies and aggressively shepherds discussion on key science and technology issues facing our society. From these discussions and forums, we develop meaningful science and technology policy options and ensure their implementation at the intersection of business and government.


Follow Us on Facebook  Follow us on Twitter Connect with us on LinkedIn  See us on YouTube