Close contenders are Singapore, the United Kingdom and Australia, according to a study of 49 geographies.

Singapore has been ranked second in the Oliver Wyman Forum’s Cyber Risk Literacy and Education Index.

The index evaluates the present cyber risk literacy of a population, and the nature of related education and training available to promote and enable future cyber risk literacy. Specifically, the index measures five key drivers of cyber-risk literacy and education:

  1. The public’s motivation to practice good cybersecurity hygiene
  2. Government policies to improve cyber literacy
  3. How well cyber risks are addressed by educational systems
  4. How well businesses are raising their employees’ cyber skills
  5. The degree to which digital access and skills are shared broadly within the population

While almost 95% of cybersecurity issues can be traced back to human error, most governments have not invested enough to educate their citizens about the risks, according to the report.

Cyber literacy, along with financial and cultural literacy, is a new 21st century priority for governments, educational institutions, and businesses. Said Alon Cliff Tavor, Partner, Oliver Wyman: “Cyberattacks are now the fastest-growing crimes globally and are expected to cost organizations more than US$600bn dollars a year by 2021. The situation has become even more pressing during the pandemic as our reliance on the internet has grown. In Asia in particular, institutions have been experiencing substantial challenges in shaping customers’ online behavior, with threat actors consciously targeting more vulnerable consumer groups and taking advantage of pockets lower cyber literacy.”

How the top scorers did it

Switzerland, Singapore and the UK topped the list because of their strong government policies, education systems and training, and practical follow-through and metrics as well as the population’s motivation to reduce risk.

Switzerland, the number-one-ranked country, has a comprehensive implementation document that lays out specific responsibilities along with what national or provincial legislation is required. Specific milestones are set, and timelines are assigned to ensure accountability regardless of who oversees the government.

Singapore, which ranked second, has prioritized cybersecurity education efforts from early childhood to retirees. It established the Cyber Security Agency of Singapore to keep its cyberspace safe and secure. Its cyber-wellness courses occur over multiple grades and focus on social and practical safety tips such as understanding cyber bullying.

The UK ranked third, by having the most integrated cyber system because it incorporates cyber risk into both primary and secondary education. The UK’s National Cyber Security Strategy of 2016–2021 is also one of the strongest plans globally.

Countries that rank lower lack an overall national strategy and fail to emphasize cyber risk in schools. Some countries in emerging markets are only beginning to identify cybersecurity as a national concern.

“Governments that want to improve the cyber risk can use the index to strengthen their strategy by way of adopting new mindsets, trainings, messaging, accessibility and best practices,” Alon added. “With most children using the internet by the age of four, it is never too early to start teaching your citizens to protect themselves.”