Cyber Security Capacity: Does It Matter?

It is assumed that the benefits of building national cyber security capacity are widespread, largely based on common sense, limited case studies, anecdotal evidence, and expert opinion. This paper reports on the early phase of a systematic effort to bring together cross-national data from multiple sources to examine indicators related to the cyber security capacity of a nation. We use these to determine if capacity matters – does it translate into conditions affecting end users of the Internet. Using data from approximately 120 countries, a multivariate analysis of indicators related to national cyber security capacity are shown to have had a strong impact in lowering end-user security problems. The sources for this analysis include data collected for the World Economic Forum Network Readiness Index, the World Bank, Internet World Statistics, and Microsoft, which are openly available. The results of this study reinforce the case that building cyber security capacity is a worthwhile investment, while also raising important issues around global inequalities in the ability to build greater cyber security capacity. The analysis also points to ways in which the data and analyses can be refined, such as through gathering more direct indicators of capacity-building efforts, such as those being developed by the GCSCC at Oxford University.

Keywords: cybersecurity policy, international data, cybersecurity capacity, Internet policy, national cybersecurity standards

Suggested Citation: Suggested Citation

Dutton, William H. and Creese, Sadie and Shillair, Ruth and Bada, Maria and Roberts, Taylor, Cyber Security Capacity: Does It Matter? (March 20, 2017). Quello Center Working Paper No. 2938078, Available at SSRN: https://ssrn.com/abstract=2938078 or http://dx.doi.org/10.2139/ssrn.2938078