Cybersecurity is a growing challenge to sustainable economic development.Achieving better cybersecurity and cyber capacity is becoming a growing priority for both developed and developing countries. However, many developing countries struggle to effectively manage cyber risks because they don’t yet have sufficient capabilities, resources, skills, institutional capacity, and policy and regulatory frameworks to do so. How can we address these growing challenges and mitigate developing countries’ cyber risks?
It is important to understand the cybersecurity-related challenges that developing countries are facing as they become more digitized. A first step is for these countries and the development community to mainstream and elevate cybersecurity to the national and international levels by framing it as a development issue and enabler of sustainable growth rather than as a national security or law enforcement issue. At a recent event on challenges to cyber resilient development, practitioners and experts from around the globe weighed in on these points.
The German Ambassador for Cyber Foreign Policy, Regine Grienberger, noted that also for high-income countries such as Germany, cybersecurity is a team sport that requires a whole-of-government and whole-of-society approach.He also noted that establishing a competent national authority to lead cybersecurity efforts, fostering tighter coordination across government agencies, and ensuring allocation of adequate resources are vital.
Financing cybersecurity activities and ensuring their long-term sustainability, continuity, and scalability remains a major challenge for most countries. In some cases, low-and middle-income economies use a ‘residual model’ to finance cybersecurity with funding left over from IT budgets. This is neither feasible nor sustainable.“Cybersecurity is not something you invest on once and enjoy from then on – it’s a permanent and evolving challenge,” said Regine Grienberger.
Another persistent challenge to developing adequate capacity, skills, and expertise is the global shortage of a professional cybersecurity workforce. With over 3.5 million unfilled cybersecurity jobs expected by 2025 worldwide, governments – especially in developing countries – are concerned about building and retaining a skilled cybersecurity workforce in the public sector. Preventing a brain drain towards higher-salaried jobs in the private sector or abroad is top of mind. Albert Antwi-Boasiako, Director-General of Ghana’s Cyber Security Authority, pointed out that “the problem is not just the availability of human talent but also the affordability of talent.”
- and ensuring the long-term sustainability of any digital development and capacity building efforts. Moldova's Deputy Prime Minister for Digitalization Iurie Turcanu advocated for working closely with key partners – especially the private sector – to set up nationwide, locally-led, and resilient cybersecurity ecosystems that would include a local workforce, capabilities, training, and incentives for companies and start-ups.
Finding ways to better coordinate among donors, implementers, and recipient countries to avoid duplication of efforts and maximize resources is also important. Chris Painter, President of the Global Forum on Cyber Expertise, noted that
It’s clear that the challenges around mainstreaming cybersecurity, fostering coordination, building skills, and ensuring adequate funding are similar across countries of varying sizes and income levels. Development organizations, the World Bank included, are paying increased attention to cybersecurity as an important component of their programming and are providing investments, capacity building, and advisory services to enhance countries’ cyber resilience.
The World Bank recently brought together high-level government representatives and other stakeholders from developing and developed countries to explore the challenges, policies, good practices and resources needed to protect countries’ digital transformation and mitigate related cyber risks. Watch the replay: Top Challenges for Cyber Resilient Development.