On 24 November 2021, a consortium of twenty expert organizations from the cybersecurity community jointly published the second edition of the Guide to Developing a National Cybersecurity Strategy (NCS) to assist countries in their ongoing effort to develop, update, and implement national cybersecurity strategies including cyber-preparedness and digital resilience. The Cyber Readiness team at the Potomac Institute for Policy Studies provided extensive experience, knowledge, and expertise, as well as references to relevant aspects of the Cyber Readiness Index 2.0 (CRI 2.0), to the development of both the first edition of the Guide, published in 2018, and to the second iteration published today. The new edition of this good practice guidance reflects the evolving nature of cyberspace, as well as emerging security trends and threats that can impact the national security and economic wellbeing of a country and should, therefore, be included into national strategic planning.

NCSIn the last decade, most countries have both accelerated their digital transformation and become increasingly concerned about the immediate and future threats to their critical services, infrastructures, sectors, institutions, and businesses, as well as to international peace and security, that could result from the misuse of digital technologies. This fast-changing cyber threat landscape, the increased dependency on information and communication technologies (ICTs), and the proliferation of digital risks call for continuous improvements to national cybersecurity strategies. While more than 127 countries have adopted an NCS as of 2021 – an increase of 40% in the last three years, this should be considered an ongoing effort to strengthen the cybersecurity posture and digital resilience of a country. The new Guide intends to provide a useful, flexible, and user-friendly framework to set the context of a country’s socio-economic vision and current security posture and to assist national leaders and policymakers in the development of national cybersecurity strategies and policies that take into consideration a country’s specific situation, cultural and societal value, and that encourage the pursuit of secure, safe, and resilient digital societies.

As Melissa Hathaway, CRI Principal Investigator, stated: “over the last three years, the first edition of this Guide has served governments as an important resource and blueprint to develop and implement an NCS. The second edition was an even bigger effort to bring intergovernmental and international organizations, as well as private sector, academia, and civil society together to produce a comprehensive Guide to help governments improve their existing or future NCS and serve a growing number of national and international stakeholders. It is our hope that this Guide will encourage more national leaders and policymakers to think strategically about cybersecurity and cyber resilience and help them better align their national economic visions with their national security priorities.” Francesca Spidalieri, CRI Co-Principal Investigator, continued: “The second edition of the Guide makes an even stronger link between the need to balance the security risks associated with the proliferation of ICT-enabled infrastructure and services with a comprehensive national cybersecurity strategy, and the ability of a country to reap the full benefits of digitization and achieve the economic growth and the national security goals it is seeking.”

“Cyber risks can generate ever-growing security challenges for both public and private sector entities in countries at all stages of development. I champion the work Melissa Hathaway and Francesca Spidalieri do, as they lead Potomac Institute’s Cyber Readiness Index, and work tirelessly to educate leaders worldwide about the importance of cybersecurity and digital resilience to their countries and organizations. This new Guide is a huge step to strengthen national cybersecurity efforts around the world,” said Dr. Jennifer Buss, CEO at Potomac Institute.

The Guide is the result of a unique, collaborative, and equitable multi-stakeholder cooperation effort among partners working in the field of national cybersecurity strategies, policies, and cyber capacity-building, including: the Council of Europe (CoE), the Commonwealth Secretariat (ComSec), the Commonwealth Telecommunications Organisation (CTO), the Geneva Centre for Security Sector Governance (DCAF), Deloitte, the Forum of Incident Response and Security Teams (FIRST), the Global Cyber Security Capacity Centre (GCSCC), the Geneva Centre for Security Policy (GCSP), the Global Partners Digital (GPD), the International Criminal Police Organization (INTERPOL), the International Telecommunication Union (ITU), Microsoft, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), the Potomac Institute for Policy Studies (PIPS), RAND Europe, the World Bank, the United Nations Institute for Disarmament Research (UNIDIR), the United Nations Office of Counter-Terrorism (UNOCT), and the United Nations University (UNU).

Click here to download the Guide to Developing a National Cybersecurity Strategy.

The Cyber Readiness Index 2.0 (CRI 2.0) provides a comprehensive, comparative, experience-based methodology to assess countries’ commitment and maturity in regard to securing their national digital infrastructure and services upon which their economic growth and national resilience depend. The CRI 2.0 methodology can help countries identify existing gaps, strengthen their current cybersecurity posture, and better manage national-level cyber risk. It includes over seventy unique indicators across seven essential elements to discern operationally ready activities and identify areas for improvement in the following categories: national strategy, incident response, e-crime and law enforcement, information sharing, investment in research and development (R&D), diplomacy and trade, and defense and crisis response. The methodology is available in Arabic, Chinese, English, French, Russian, and Spanish. The CRI country profiles of France, Germany, India, Italy, Japan, Morocco, the Netherlands, Saudi Arabia, Slovakia, the United Kingdom, and the United States can be found by following this link.

For media inquiries please contact: John Mecham, This email address is being protected from spambots. You need JavaScript enabled to view it..

Follow us on Twitter: @CyberReadyIndex