°µÍø½ûÇø

Perspective

After Reading, Writing, and Arithmetic, the Fourth 'R' of Literacy Is Cyber-risk

Most governments' cybersecurity strategies overlook the importance of continued education.

This article first appeared inÌýÌýon December 17, 2020.

For decades, governments have increased their cybersecurity budgets for national defence, but not invested enough to teach citizens adequate cyber-skills despite our growing reliance on the internet. This stance has contributed to cyberattacks becoming one of the fastest growing crimes, costing an estimatedÌý.

The situation has become even more pressing during the pandemic as our reliance on the internet has grown. Millions of people globally now depend on it for work, school, health, and basic services. Yet many do not understand the risks and lack the skills to keep themselves, their communities and their employers safe.

The Cyber Highway Code

Governments need to improve cybersecurity by using the same strategies introduced to make driving safer. Just as governments mandate airbags and sensors in cars, they should require building more secure digital devices. Just as drivers and passengers are taught how to wear seatbelts and to follow the rules of the road, citizens should be taught how to safely navigate the internet highway.

A small group of nations are moving in the right direction and can show others how best to proceed, according to ourÌý, which ranks 50 geographies, including the European Union. Switzerland, Singapore, the United Kingdom, Australia and the Netherlands topped the list because of their strong government policies, education systems, widespread access to training and citizen support to reduce risk.

To date, most governments’ strategies to improve cybersecurity overlook the importance of continued cyber-risk education for its citizens across all ages and social demographics. Many countries publish policies and aspirational plans, but few include actual steps or consistent funding to complete the work. Only eight countries in our index had publicly available metrics to measure their progress regarding cyber-risk literacy and education goals.

Yet studies show that 95% of cybersecurity issues can be traced to human error. Teaching basic skills such as using strong passwords, identifying phishing scams and understanding how data is gathered and how a digital identity is tracked online can dramatically improve the cybersecurity and the safety of a nation’s citizens.

Long-term Commitments

Top-ranked countries find ways to ensure that their commitment to cyber-risk literacy does not shift to potentially more popular issues even when a new administration is elected. They accomplish this by creating long-term strategies and practical action plans, such as keeping the public informed about the programmes and their progress.

Switzerland, which ranked first in the index, has made specific goals and transparency a priority. It has a comprehensive 80-page implementation document that lays out departmental responsibilities, and what national or provincial legislation is required. Specific milestones are set, and a timeline assigned to ensure accountability. The education efforts appear to be working: Data from Kaspersky and Microsoft showed that that Swiss citizens were among the least likely to fall afoul of malware or infection.

The more successful nations create an office that is responsible for ensuring that citizens receive the cyber-risk education they need, whether they are kindergarteners or retirees. Singapore, ranked second in the index, established theÌýÌýto keep its cyberspace safe and secure. The nation is educating citizens in large part because internet use is high, and its global financial centre is at risk of attack. Its cyber-wellness courses occur over multiple grades, and focus on social and practical safety tips such as understanding cyber-bullying.

Education for the Digitally Vulnerable

Providing content tailored to at-risk populations such as the elderly, immigrants and low-income groups also should be a priority. Cyber-risk education is often left to the private sector, which can overlook underserved populations like seniors, who tend to be the least digitally savvy demographic. Many are using the internet more frequently, especially during coronavirus, putting them at greater risk of cyber-fraud.Ìý, according to a report from the Aspen Institute.

By contrast, fourth-ranked Australia has been able to educate hundreds of thousands of teachers, students, parents and community groups through itsÌý, which is devoted to tackling online safety for its citizens. The commission’s initiative weaves together communications, collaboration and action across law enforcement, welfare agencies, and mental health groups. As of August 2019, more than 11,000 teachers and 475,000 students, parents and community groups had participated in eSafety programs.

Governments also need to improve the quality of cyber-risk education by better training teachers and ensuring that educational materials are accessible and current. Estonia, ranked seventh in the index, prioritized digital education in response to extensive 2007 cyberattacks, which crippled banks, government agencies and media outlets for weeks. This Baltic country now has one of the world’s most advanced digital societies. Free wireless internet is available almost everywhere, and the nation uses quantitative metrics to track progress against practical goals. The country started to digitize all its educational materials in 2015, enabling 87% of Estonian schools to use online learning even before coronavirus.

A Cyber-investment for the Future

Too often governments focus on the cost of cyber-risk education rather than on the positive impact it could have on the economy. Yet eighth-ranked Israel shows how a well-educated population and connected institutions can contribute significantly to the national economy by providing more jobs and greater innovation. The country prioritizes cybersecurity education earlier than most countries and assesses the cyber-risk literacy of children and youth at key points in their development and education. This investment in human resources has led to a wealth of cyber-related innovation and economic growth.

As we utilize more sophisticated digital and data-rich technologies, we need to protect our institutions, our communities, and ourselves from cybercrime. Companies should build more secure devices, infrastructure and data-processing capabilities. In turn, governments need to do their part by ensuring that all citizens get the education they need to remain safe online.

Ìý