How to improve your organization's cyber hygiene score

In today's interconnected world, trust is the currency that fuels our economies and sustains our societies. As global leaders, we must recognize that transparency is key to trust, especially when it comes to securing our data and critical infrastructure.

At last year’s Annual Meeting of the World Economic Forum, SecurityScorecard released a report highlighting the state of cybersecurity in critical infrastructure. At the time, nation-state attacks had doubled in just one year, high-profile supply chain attacks were rising, and the average data breach cost had reached nearly $4.5 million. Fast-forward a year later, and much of this is still valid.

Cybersecurity transcends borders, posing a global challenge. Our 2024 Global Cyber Index Report explores cybersecurity resilience across regulatory, supply chain, geopolitical and resource aspects. It evaluates regions worldwide for cyber risk and its relationship to GDP.

SecurityScorecard maintains and continuously updates cybersecurity ratings on over 12 million organizations worldwide. We monitor over 200 signals about various aspects of cybersecurity, including network security, endpoint security, patching cadence, and others. Our data-driven scoring system uses machine learning to assess and quantify an organization’s cybersecurity risk.

To assess global cyber hygiene, we analyzed the cybersecurity scores across 6.3 million organizations situated in 189 countries located in 17 geographic regions around the world. We combined this data with 2022 GDP per capita economic data published by the IMF. Regional cybersecurity hygiene scores and GDP per capita were calculated using the means of the associated country hygiene scores and GDP per capita data.

The result? A revealing look into the world's cyber risk landscape. A summary of the data is presented below, with tallies of the number of countries and organizations contributing to each region's cyber hygiene score.

There is a strong correlation between a region’s cybersecurity hygiene and its per capita GDP, as reflected in the diagram below. Overall, regions with higher per capita GDP tend to exhibit better cybersecurity hygiene and lower cyber risk – namely, Northern Europe, Western Europe, and Central Europe. It stands to reason that wealthier economies are better equipped with more resources to invest in resilient and safe infrastructure and to implement and maintain active security programs to combat the ever-evolving nature of cyber threats.

The research also illustrates (below) that – on the whole – the countries with higher GDP per capita are more frequently the targets of major threat actor groups.

While this research certainly highlights countries with strong cyber hygiene, it’s just as critical to highlight a cyber-resilient path forward for countries and regions with lower cyber hygiene scores.

Our joint research with the Cyentia Institute found that 98% of organizations have a relationship with at least one-third party that has experienced a breach in the last two years. Armed with this information, organizations are keenly aware that they can no longer rely on static analyses of their cybersecurity environments. Instead, they must continuously assess cybersecurity risk – including across their entire supply chain and vendor ecosystem – and produce quantitative metrics to measure that dynamic risk in a standardized, actionable way.

Increasingly, security ratings are becoming the best way to measure this risk. Just as a poor credit rating is associated with a greater probability of default, a poor security rating is associated with a higher probability of sustaining a data breach or other adverse cyber event.

While a high-security rating does not make an organization completely immune from cyber risk, it significantly lowers the chances of a breach. By offering an "outside-in" view of an organization's cybersecurity posture, organisations can see what a hacker sees. This identifies weaknesses not only in an organization's own cyber environment but illuminates risk throughout its supply chain as well while offering all stakeholders a common language with which to communicate cyber risk.

Strong cybersecurity hygiene is imperative when protecting critical infrastructure, including water, transportation, healthcare, energy and financial services. Cyberattacks on these vital parts of society can damage economies, disrupt essential services and adversely impact a country’s financial standing.

One vital thing to remember is that strong cybersecurity starts from the top; therefore, governments with robust cybersecurity measures serve as an example for industry groups, organizations, and businesses throughout their economies. This affects not only one nation but the surrounding regions as well. Enhancing resilience regionally and globally is vital to Davos's overall 'Rebuilding Trust' theme for this year.

SecurityScorecard is committed to fostering a collective cyber resilience and information-sharing culture that enhance global competitiveness, encourage economic growth, reduce cyberattacks and increase stability. Together, we can all make the world safer.