The Cyber Readiness Index (CRI) 2.0 team developed a ground-breaking methodology, known as the CRI 2.0, to evaluate and measure a country’s preparedness levels for certain cybersecurity risks. The team of experts apply the CRI 2.0 to provide a compelling and actionable review of a country’s policies, plans, laws, standards, market levers (e.g., incentives and regulations), and other initiatives. The resulting actionable blueprint enables a country to better understand its Internet-infrastructure dependencies and vulnerabilities and assess its commitment and maturity to closing the gap between its current cyber security posture and the national cyber capabilities needed to support its digital future.

The CRI 2.0 uses over seventy unique indicators across seven essential elements to discern operationally ready activities and identify areas for improvement in the following elements: national strategy, incident response, e-crime and law enforcement, information sharing, investment in R&D, diplomacy and trade, and defense and crisis response. Each of these essential elements, if pursued in tandem, can help a country develop a stronger security posture to defend against economic erosion from cyber insecurity. Each area of inquiry is assessed across three cyber readiness levels: fully operational, partially operational, or insufficient evidence. The results are averaged to create an overall readiness assessment per country.

The threat to each country’s networked systems and infrastructures is real and growing. Data breaches, criminal activity, service disruptions, and property destruction are becoming commonplace. The resources available to increase the resilience of a country’s infrastructure and decrease the exposure of the countries to damage, however, are finite. The CRI 2.0 offers a comprehensive, comparative, experience-based methodology to help national leaders chart a path toward a safer, more resilient digital future in a deeply cybered, competitive, and conflict- prone world.

The CRI 2.0 is available in Arabic, Chinese, English, French, Russian, and Spanish and is being applied to 125 countries. While no country is cyber ready, there are countries that have developed effective mechanisms to achieve cyber readiness/preparedness and these programs and initiatives provide examples for other countries to learn from and possibly follow. As countries connect the next one to two billion people to the Internet and embrace next generation technologies, including the Internet of Things (IoT), the CRI 2.0 is a tool that can help identify and manage cybersecurity risks. The CRI 2.0 demonstrates how national security is closely intertwined with Internet connectivity and rapid adoption of ICT, which when secure, can lead to economic growth and prosperity.

For more information or to provide data to the CRI 2.0 methodology, please contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

National economic growth is deeply dependent upon the secure utilization of information communication technology (ICT) and the health of the overall Internet economy.  Countries are pursuing development and modernization initiatives to nurture their respective national information societies in the digital age by increasing their productivity, enhancing work force skills, driving innovation, and delivering gross domestic product (GDP) growth.  At present, there is no single methodology to evaluate any particular country’s maturity and commitment to securing their respective cyber infrastructure.  The Cyber Readiness Index seeks to fill that void.

The Cyber Readiness Index documents the core components of cyber readiness:

• National strategy
• Incident response
• E-crime and law enforcement
• Information sharing
• Investment in Research and Development
• Diplomatic engagement/ influence
• Ability to respond militarily in a crisis situation

Cyber Readiness Index 2.0

Click to download

Melissa Hathaway

Chris Demchak, Jason Kerben, Jennifer McArdle, and Francesca Spidalieri 

No country is cyber ready. 

It is a given that global economic growth is increasingly dependent upon the rapid adoption of information communication technology (ICT) and connecting society to the Internet. Indeed, each country’s digital agenda promises to stimulate economic growth, increase efficiency, improve service delivery and capacity, drive innovation and productivity gains, and promote good governance. Yet, the availability, integrity, and resilience of this core infrastructure are in harm’s way. The volume and velocity of threats to our networked systems and infrastructures is real and growing. Data breaches, criminal activity, service disruptions, and property destruction are becoming commonplace and threaten the Internet economy. 

Global leaders understand that increased Internet connectivity leads to economic growth only if the underlying infrastructure and the devices connected to it are safe and secure. However, until now, there has not been a comprehensive, comparative, experiential methodology to evaluate a country’s maturity and commitment to securing its national cyber infrastructure and services upon which its digital future and growth depend. The Cyber Readiness Index (CRI) 1.0, released on 10 November 2013, represented a new way of undertaking the problem and was designed to spark international discussion and inspire global action to address the economic erosion caused by cyber insecurity. 

Building on the CRI 1.0, The Potomac Institute for Policy Studies, under the leadership of Senior Fellow and Member of the Board of Regents, Melissa Hathaway, has undertaken a Cyber Readiness Index 2.0. The CRI 2.0 has two main components: First, it is designed to inform national leaders on the steps they should consider to protect their increasingly connected countries and potential GDP growth by objectively evaluating each country’s maturity and commitment to cyber security and resilience. Secondly, The CRI 2.0 defines ”cyber readiness” for a country and documents the core components of cyber readiness into an actionable blueprint for countries to follow. The CRI 2.0 methodology represents a useful, unique, and user-friendly tool to assess the gap between a nation’s current cyber security posture and the national cyber capabilities needed to achieve its economic vision. The blueprint developed and employed for this analysis includes over 70 unique data indicators across the following seven indices: 

1. National strategy;

2. Incident response;

3. E-crime and law enforcement;

4. Information sharing;

5. Investment in research and development (R&D);

6. Diplomacy and trade; and

7. Defense and crisis response.

The CRI 2.0 methodology is being applied to evaluate 125 countries' cyber readiness; assessing each country's maturity and commitment to cyber security and resilient infrastructures and services. 

For more information or to provide data to the CRI 2.0 methodology, please contact: This email address is being protected from spambots. You need JavaScript enabled to view it.