De-risking digital investments to support cyber resilient development
This page in:
Did you know that the United Nations estimates that the funding gap for building [digital] infrastructure in developing countries is over one trillion dollars annually? Today, all modern infrastructure projects, as well as all Sustainable Development Goals (SDGs), include at least some digital components and/or are dependent on digital systems — which, in turn, are increasingly vulnerable to cyber risks and threats. Embracing digital technologies to improve society requires us to understand the “dark side of innovation” and incorporate cybersecurity and cyber resilience into all development projects.
to improve productivity, efficiency, innovation, and competitiveness. , enable skills development, encourage modernization, and advance human and social development.
This is why development organizations — including the United Nations,
They also aim to narrow the “digital divide” between the connected and unconnected. These entities are allocating significant funds toward digital development in lower- and middle-income countries to accelerate the achievement of the SDGs and other desired development outcomes in those countries.But despite the clear benefits of digital technologies to economies and societies, most digital investments and development assistance programs have not placed the necessary attention (or de-risking mechanisms) on the risks stemming from the misuse of ICTs, including becoming tools for cybercrime, data exploitation, critical infrastructure failures, disruptions of essential services, increased surveillance, disinformation, digital authoritarianism, and other risks to health and safety. And
that are threatening the security and resilience of their digital infrastructure and systems and eroding trust in the digital environment. that ultimately undermine development efforts.Understanding the specific cybersecurity risks these countries face is critical in this context. Developing local institutional, governance, legal, and workforce capacity is more crucial than ever to harness and manage their digital transformation, mitigate related risks, and will enable these countries to develop more resilient economies and societies. This calls for the broader development community to elevate cybersecurity as a first-order strategic and operational priority in all development programs and carefully evaluate cyber/digital risks throughout their programming lifecycle, from a project’s identification to its design, appraisal, and implementation.
This means all development projects using digital technologies must factor in the ongoing cost of ICT support, training, and systems upgrades — to ensure sustainable and resilient services, infrastructures, and ultimately development outcomes.
These recommendations are underpinned by an extensive study we conducted to identify key challenges and benefits of incorporating cybersecurity, cyber resilience, and cyber capacity building into digital investments and the broader development agenda. Our report, “Integrating Cyber Capacity Building into the Digital Development Agenda,” concluded that international development organizations and donors must recognize the digital vulnerability of every modern infrastructure project and development assistance program and mainstream cybersecurity and cyber resilience into all development projects — including sectoral projects not strictly digital (for example, health, energy, transport).
To address this shortfall and protect their digital investments, they must build cybersecurity de-risking mechanisms to identify and mitigate the cybersecurity/technology-related risks in their digital development projects — much like the mandatory environmental and social safeguards that are the linchpins of infrastructure, health, energy, and transportation projects.
Following the release of our report, we organized an event that included speakers from World Bank, USAID, and the European Bank for Reconstruction and Development. It focused on catalyzing action across multilateral development banks, national and international development organizations, and other large donors to prioritize cybersecurity and cyber resilience as cross-cutting issues in the global development agenda. The session provided an important opportunity to hear how these respective organizations are integrating cybersecurity considerations, resources, responsibilities, and management tools into their development projects and building safeguards into their procurement, assistance, or investments operations to mitigate cyber harms.
This blog is based on the key findings and recommendations from the report “Integrating Cyber Capacity Building into the Digital Development Agenda,” commissioned by the Global Forum for Cyber Expertise (GFCE) with the financial support of the World Bank’s Digital Development Partnership. Download it here.
RELATED
Report: Integrating Cyber Capacity Building into the Digital Development Agenda
Join the Conversation