Capacity Building for resilient Cybersecurity
At a glance
Security risks in the virtual space have increased significantly due to the growing spread of digital technologies. Current dangers include cybercrime and cyberattacks on critical infrastructures as well as data theft, espionage, surveillance and the increasing restriction of privacy and freedom of expression. In its “Global Risks Report 2021,” the World Economic Forum lists data misuse and cyberattacks as the fourth most likely global risk. The International Telecommunication Union’s (ITU) “Global Cybersecurity Index 2020” estimates that cybercrime is expected to cause losses of $6 trillion worldwide in 2021.
People in emerging and developing countries are particularly affected by the growing security risks in cyberspace due to low protection and industry standards, weak regulation, low education levels, and lack of awareness and skills. The mobile Internet structure prevalent in emerging and developing countries and the services used over it are particularly vulnerable to cyberattacks. In addition, the vulnerability and attack surfaces of critical infrastructures, which include digital financial services, have grown massively due to the rapid increase in the number of users during the Corona crisis.
Government regulators, for the most part, lack mandates and competencies; cybercrime detection, response, and prevention strategies are limited or not implemented. The private sector lacks incentives for safe business practices and knowledge about the security needs of users, especially marginalized groups. Users, in turn, lack sufficient skills to protect themselves from cyber risks and demand standards of protection. The same applies to civil society and the media, which advocate for consumer protection, act as watchdogs and educate the public about risks. There is also limited experience with multistakeholder approaches that promote cooperation, information sharing and trust between government, private sector and civil society partners.
As part of our Trust4Cyber flagship, cybersecurity policy simulation games will be conducted until November 2022 in seven partner countries: Rwanda, South Africa, Kenya, Côte d’Ivoire, Ghana, Mexico, and in another partner country yet to be identified.
The goal of the simulation games is to teach decision-makers about cybersecurity policy in a fun and practical way through a variety of strategic and communication activities. More than that, the simulation also promotes collaboration among all relevant stakeholders from government, private sector, and civil society, as the simulations identify and connect all relevant stakeholders. The country-specific cybersecurity simulation games are developed and implemented together with the Stiftung Neue Verantwortung (SNV). Based on the simulation games, further measures for the country work on the ground are identified and addressed. In a further step, for example, further workshops, regular cyber meetings of the relevant stakeholders, regional cyber mappings or the development of more in-depth learning content and formats based on the findings of the simulation will be added.
Target groups are all people in the pilot countries who use vulnerable digital infrastructures or services, especially women and girls and marginalized groups from economically disadvantaged regions. Trust4Cyber mostly does not reach these target groups directly, but through intermediaries from politics and administration, business, the financial sector and civil society – these include, for example, cybersecurity regulators, data protection authorities, central banks or financial supervisors; companies and business associations in the field of digital infrastructure, banks, (micro-)financial institutions, consumer protection organizations or the media.
Trust4Cyber specifically addresses weaknesses within the cyberoperation system by offering state, civil society and private-sector actors in developing and emerging countries new insights into becoming more resilient within this regard. Using the multi-stakeholder approach for better detection, reaction and prevention of cybersecurity challenges and to protect users of digital technologies from cyber attacks are promoted within the flagship and jointly tested. The aim of Trust4Cyber is therefore that all relevant actors in the digital ecosystem have access to improved knowledge and methods for the implementation of human-centered cybersecurity.