Published on Digital Development

How tailored national cybersecurity strategies enable safe, inclusive and sustainable digital development

This page in:
Cyber security concept, data protection and secured internet access, cybersecurity Data protection and secured internet access, cybersecurity | Image: Song_about_summer, Shutterstock

Countries worldwide—and developing countries in particular—recognize the need for digital transformation to foster economic growth, improve efficiency, enable skills development, and advance human and social development. In the aftermath of the COVID-19 pandemic, digitization has become an even more crucial enabler of economic and social development. It is also critical for achieving the 17 Sustainable Development Goals (SDGs)—all of which include digital components.

Realizing the desired economic and social prosperity from increased digitization is only possible if the digital infrastructure and systems underpinning them are safe and secure.   Addressing the fast-evolving nature of cybersecurity risks is challenging, largely due to the speed of digital innovation and the proliferation of threats that can impact the safety, prosperity, and resilience of a country.

To address these issues, many countries are developing national cybersecurity strategies (NCSs). Several multinational organizations have also affirmed the importance of adopting comprehensive NCSs. The latest reports by the Open-Ended Working Group (OEWG) and Group of Government Experts (GGE), for example, highlighted how developing cyber capacities at a global level—including by adopting NCSs—can help build trust and stability in cyberspace. Governments are getting the message. In the last three years, there has been a 40 percent increase in the number of countries that have adopted NCSs. But despite recent progress, 60 percent of least developed countries (LDCs) still do not have strategies, and most developing countries that have adopted one struggle to implement them due to a lack of financial and human resources.

Fortunately, tools and methodologies exist to help governments tackle these problems. The Guide to Developing a National Cybersecurity Strategy, now in its second edition, provides a useful and flexible framework to support policymakers in developing, updating, implementing, monitoring, and evaluating their strategies. It was developed by a consortium of over 20 expert organizations from the public and private sectors, inter- and non-governmental organizations, academia, and civil society. The guide serves as an important resource and blueprint for developing and implementing comprehensive, inclusive, and sustainable NCSs that take a country’s specific socio-economic vision, political context, and cultural and societal values into account and encourage the pursuit of secure, safe, and resilient digital societies.

The guide inspired the Global Policy Dialogue and Briefing on Cybersecurity Strategy Design and Implementation. The event, co-organized by the World Bank and the International Telecommunication Union (ITU) and moderated by the Global Forum on Cyber Expertise (GFCE), was designed to help governments think strategically about developing their NCSs and effectively implementing them. It brought together government leaders from across the globe—from Ecuador to Tonga—to reflect on their respective governments’ experiences, discuss priorities and challenges in designing and implementing NCSs, and facilitate partnership opportunities within the international community.

Developing country representatives shared some of the most common challenges to implementing NCSs. One of the biggest, for example, is developing and retaining a professional cybersecurity workforce. With over 3.5 million unfilled cybersecurity jobs expected by 2025 worldwide, governments—especially in developing countries—will be particularly hard-pressed to develop a professional cybersecurity workforce and prevent the brain drain towards better jobs abroad and in the private sector.

Andrew Toimoana, Director of Tonga’s Digital Transformation Department, said, “Here in Tonga—and I can speak for most of our Pacific neighborhood islands—we’ll be facing the same issue with employing human resources and trying to keep our experts in the island.”

Bolor-Erdene Battsengel, the State Secretary for Mongolia’s Ministry of Digital Development, expressed concerns about the low adoption rates of national cybersecurity strategies in LDCs and emphasized the importance of cybersecurity and digital skills development to securing the digitization process and, more broadly, ensuring successful development outcomes. “We live in a world where we already face several inequalities about gender, education, income, and economic levels,” she said, adding that rapid digitization can worsen these disparities. Battsengel concluded that when building cybersecurity capacity, countries should “start with those who have been left out of digital development.”

The Global Policy Dialogue addressed many of these issues and served as a catalyst for future engagements and partnerships. Moving forward, governments and the international community must channel the necessary resources into capacity building and workforce training initiatives to ensure the long-term sustainability, continuity, and scalability of their digital development and cybersecurity projects. A number of initiatives and resources can support ongoing collaboration in this area, for example, the GFCE. The exchange of information on the development and successful implementation of national cybersecurity strategies, coupled with new and enhanced financial assistance mechanisms and stronger international partnerships, will do much to strengthen the cyber resilience of developing countries and accelerate a safer digital transformation across the globe.


Isabel Neto

Practice Manager, Digital Development, Eastern and Southern Africa

Marco Obiso

Head of the Cybersecurity Division, International Telecommunication Union

Marjo Baayen

Director of the Global Forum on Cyber Expertise

Join the Conversation

The content of this field is kept private and will not be shown publicly
Remaining characters: 1000