There are a number of cybersecurity indexes available on the Internet.
The International Telecommunication Union (ITU) and ABI Research published their Global Cybersecurity Index (GCI) in April 2015. The GCI provides a relative indicator of a nation’s cybersecurity development and is intended to be an ongoing effort.
The index looks at five different areas: legal measures, technical measures, organizational measures, capacity building efforts, and international cooperation. As I discussed in my article in the NCI Journal, Elements of a National Cybersecurity Strategy for Developing Nations, nations need to take some basic steps if they are to improve cybersecurity. The effort needs to be cross-domain. Having a legal structure is necessary but without a trained work force or an adequate CERT infrastructure it is difficult to take effective action.
It is interesting to note that the index does not measure the effectiveness of the measures but merely the existence of a country’s efforts in the rated areas of cybersecurity. Thus while the U.S. ranks first in terms of cybersecurity development; even well prepared nations are far from impervious to attacks such as the recently disclosed Office of Personnel Management breech involving upwards of 7.5% of the U.S. population.
The GCI does provide a useful tool for identifying the nation’s relative cybersecurity climate and potential risks. Researchers will find the cyberwellness profile in Annex 3 particularly useful to get an idea of a nation’s cybersecurity sophistication. The ITU hopes to maintain a current database at http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx. The GCI represents the views of responding governments. It is weighted toward policy actions.
Private Sector Indices
The Index of Cybersecurity (http://www.cybersecurityindex.org ) reports on a monthly survey of chief risk officers, CISOs, and practitioners. This index is useful for understanding trends in the thoughts of cyber professionals and tracking of trends. The index looks at five specific factors (attack actors, weapons, desired effects, targets, and defenses) and the overall perception of cyber threats.
Dell Secure Work has a Counter Threat Unit (CTU) to publish a stop light chart cybersecurity index (http://www.cybersecurityindex.org ). The index is updated daily based on what Dell’s experts are seeing on networks.
Finally, in a measure of the growing importance of cybersecurity, there are now stock market indexes and ETF of cybersecurity companies. First Trust’s NASDAQ Cybersecurity Index (Ticker symbol: CIBR) launched earlier this month and joins Pure Funds HACK ETF which debuted in November 2014.
(Ticker symbol: CIBR) was launched earlier this month and joins Pure Funds HACK ETF which debuted in November 2014.