New Index Ranks Ability of G20 Nations to Withstand Cyber Attacks, Harness Digital Environment

A benchmark study of 19 of the world’s 20 leading economies found that the United Kingdom and the United States lead Group of 20 (G20) countries in their ability to withstand cyber attacks and to deploy the digital infrastructure necessary for a productive and secure economy. The index also found that several major economies—Argentina, Indonesia, Russia and Saudi Arabia—do not have cybersecurity plans and do not appear to be developing them.

The Cyber Power Index, developed by the Economist Intelligence Unit and sponsored by Booz Allen Hamilton, provider of strategy and technology consulting services to the U.S. security government departments, measures both the success of digital adoption and cyber security, and the degree to which the economic and regulatory environment in G20 nations promote national cyber power.

The Index allows visitors to compare the cyber power rankings of the G20 countries on a scale of 0-100 with 100 being most favorable. Each country's ranking is a weighted mean of scores from four categories: Legal and Regulatory Environment; Economic and Social Context; Technology Infrastructure; and Industry Application. Each category features at least four underlying indicators, many of which are composed of sub-indicators. The European Union, the newest member of the G20, was not included in the study.

“The Cyber Power Index identifies those countries that understand what it takes to operate in a digital era…and those that don’t,” said Booz Allen Hamilton Vice Chairman Mike McConnell. “Many define a nation’s cyber power simply like other domains such as land, air or space. While cyber is a domain, a nation’s capabilities must be measured by more than their military might alone. The countries able to master the uses and security requirements of emerging technologies and societal shifts brought on by the cyber revolution will emerge as the cyber powers and the winners of the 21st century.”

Overall, the top five countries exhibiting cyber power, as measured by the index—the UK; the US; Australia; Germany; and Canada—illustrate that developed Western countries are leading the way into the digital era. The top five performers also rate highly across the board, ranking in the top seven in all four categories. The G20’s last member, the EU, was not analyzed.

The leading emerging market countries, Brazil, Russia, India and China (the BRICs), have some room for improvement; out of the 19 economies, they rank 10th, 14th, 17th, and 13th, respectively. There is also a wide discrepancy between the top and the bottom of the index. The UK, the top performer, scores around three times the amount of points on a scale of 0 to 100 as the worst performer, Saudi Arabia. Among other conclusions from the data:

  • Cyber power relies on a solid foundation that includes technical skills for security and effective use of the cyber environment, high educational attainment levels, open trade policies, and an innovative business environment. The US has the most supportive economic and social context for fostering cyber power according to the index. This is driven by high tertiary education enrollment, research and development (R&D) investment, and an open trade environment. Asia’s rising influence is also apparent in this category, as China leads the trade indicator, while Japan and South Korea fill the number one and two positions, respectively, in technical skills.
  • The gap in cyber capability between the U.S. and other countries is closing. While the U.S. has a broad and deep cyber power base, other nations such as South Korea and Japan are aggressively adopting greater levels of bandwidth and communications stability.
  • Big does not always mean powerful. China has a large population and a powerful military. As a result the nation is often considered to be a cyber power. In reality, the Cyber Index found that the country’s true level of cyber power is in reality quite modest. Going forward, other countries are expected to be added to the Index, which could show the power of small countries such as Estonia. In contrast to China, Estonia is relatively tiny and hosts a modest military, yet that country’s well known ability to integrate advanced technology into its society could make a telling comparison.
  • Germany’s comprehensive cyber policies are a key to its success. Germany leads the legal and regulatory framework category with a near perfect score (99.3 out of 100), followed by other Western countries that also performed well in the overall index. Germany is one of only five countries (the others being the UK; the US; France; and Japan) to have both a comprehensive national cyber plan and a comprehensive cybersecurity plan.
  • Prioritization of ICT access is higher in the developed world. There is still a clear divide between developed countries and emerging markets as measured by access to internet, mobile phones, and WiFi. The UK, US, and Germany lead Information Communications Technology (ICT) access, while Mexico, Indonesia, India, China, and South Africa have the lowest access scores. An exception is South Korea, which is fifth, despite having strong government policy towards improving access.
  • The G20 countries have made limited technological progress within key industries. Australia is the top performer within the industry application category, which measures the ability of different industries (energy, health, transportation, government, and e-commerce) to leverage ICT developments, including security advancements. As an indication of uneven technological development across industries, Australia ranks first in the category overall, but only scores well within the electronic health indicator.

The Cyber Power Index anchors the Cyber Hub, a new platform also developed by the Economist Intelligence Unit and sponsored by Booz Allen Hamilton intended to help governments and businesses remain competitive in today’s cyber landscape. The Cyber Hub features a series of research papers and expert points of view examining cyber’s implications for the business community. Much of the content will focus on specific industry verticals: health, finance, transportation, energy, open government, and defense-security.

View the index at www.cyberhub.com.  

 

Featured

  • The Key to Wellbeing in the Office

    A few years ago, all we saw in the news was the ‘great resignation.’ Now we have another ‘great’ to deal with. According to CBRE, 2023 was the start of the ‘great return’ as office workers returned to their normal offices after working from home. The data shows that two-thirds of all U.S office buildings were more than 90% leased as of Q2 2023. Read Now

  • Failed Cybersecurity Controls Costing U.S. Businesses $30 Billion Yearly

    Panaseer recently released ControlWatch and the Continuous Controls Battle: Panaseer 2025 Security Leaders Report examining the cost of cybersecurity control failures and the impact of growing personal liability for security failings on security leaders. The report analyzes the findings of a survey of 400 security decision makers (SDMs) across the US and UK. It shows that security leaders feel under increasing pressure to provide assurances around cybersecurity, exposing them to greater personal risk – yet many lack the data and resources to accurately report and close cybersecurity gaps. Read Now

  • The Business Case for Video Analytics: Understanding the Real ROI

    For security professionals who may be hesitant to invest in video analytics, now's the time to reconsider. In a newly released Omdia report commissioned by BriefCam (now Milestone Systems), the research firm uncovered a compelling story: more than 85% of North American and European organizations that use video analytics achieve a return on investment within just one year. The study, which surveyed 140 end users across multiple industries, demonstrates that security technology is no longer just for security — it's a cross-organizational tool that delivers measurable business value far beyond traditional safety applications. Read Now

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3