2013 ITU survey on measures taken to raise awareness on cybersecurity

2013 ITU survey on measures taken to raise awareness on cybersecurity Securing information and communication networks: best practices for developing a culture of cybersecurity

SURVEY BACKGROUND Raising awareness of different aspects of cybersecurity and developing a culture of cybersecurity awareness is regarded by many as an integral part of a nation s cybersecurity strategy and requires collaboration among the different stakeholders and coordinated actions to be taken. The ITU D Study Group 1 Rapporteur Group for Question 22 1/1 dedicated to Securing information and communication networks: best practices for developing a culture of cybersecurity, at its meeting held on 13 September 2012 in Geneva, agreed to issue a survey on measures taken in member states to raise awareness on cybersecurity. SURVEY OBJECTIVES The purpose of the is to collect ideas from all sources on how, businesses and expert groups are educating and encouraging individuals and entities on the subject of cybersecurity, including child online protection, and the cybersecurity needs of persons with disabilities. (See reference in item 2.(b)(v), of the work program for ITU D SG1 Question 22 1/1 as agreed during WTDC 10 at: http://www.itu.int/net3/itu D/stg/rgqlist.aspx?rgq=D10 RGQ22.1.1&stg=1 The input received through the survey will be shared during the next ITU D Study Group 1 Rapporteur Group meeting for Question 22 1/1 which will take place in Geneva on 19 April 2013 and incorporated into the final outputs and guidelines to come out of the work on SG1 Question 22 1/1 during the 2010 2014 study period.

Overview of Answers Received (as of 27 June 2013) 193 Member States in ITU Answers were received from 50 Member States 1 Observer 1 Regional/International Organisation 5 Sector Members and 5 non members 62 entries received The non members are, in fact, members of IMPACT, to whom the survey was disseminated. The Questionnaire was sent to List of and observers (Res.99 (Rev. Guadalajara, 2010)) who participated (55) Afghanistan, Andorra, Australia, Belarus, Benin, Bhutan, Brazil, Bulgaria, Burkina Faso, Cambodia, Colombia, Côte d Ivoire, Croatia, Cyprus, Dominican Republic, Egypt, France, Hungary, Iraq, Italy, Japan, Lebanon, Lesotho, Malaysia, Maldives, Mali, Mauritius, Moldova, Morocco, Myanmar, Namibia, Niger, rway, Oman, Pakistan, Panama, Portugal, Serbia, Sri Lanka, Sudan, Swaziland, Switzerland, Syria, Tanzania, Togo, Trinidad and Tobago, Tunisia, Uganda, Ukraine, United States of America, Vanuatu, Venezuela, Viet Nam, Zambia and Palestine Administrations of ITU Member States and Observer (Res. 99), ITU D Sector Members, Associates and Academia, Management Teams for ITU D Study Groups 1 and 2, Observers (Regional and International Organizations) and members of IMPACT.

CONTACT INFORMATION a. Contact details b. c. Survey Questions Please select the name of your Administration/Organization from the list. (If it is not available, indicate the name in the field below the list) Region where your organization is based: Africa The Americas Asia and Pacific Arab States CIS Europe d. Country/ where your organization is based

Survey Questions (Cont d) SURVEY 1 2 3 In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace? t important Somewhat important Important Very important Has your country already adopted a general framework/strategy for cybersecurity? If not, move directly to survey question 5. If yes, please provide links/references: If you answered yes to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public? If yes, please provide links/references: 4 If you answered yes to the previous question, at which stage of the general framework/strategy for cybersecurity should the raising of awareness start?

5 6 7 8 9 Survey Questions (Cont d) If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one? (If is selected, please move directly to question 9) If yes, please provide links/references: Do these discussions/formulations include raising cybersecurity awareness? If yes, please provide links/references: At which stage of the general framework/strategy for cybersecurity should awareness raising start according to these discussions/formulations? Who are the parties concerned with raising public awareness on cybersecurity, in accordance with the legislations/policies/practices adopted in your country? Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity? If yes, please specify:

Survey Questions (Cont d) 10 Was any specific research or survey conducted concerning cybersecurity in your country and/or region? If yes, please provide links/references: 11 Which groups are targeted by cybersecurity awareness campaigns in your country? Children Youth Students Elderly people Persons with disabilities Private institutions Government agencies Others 12 If others was selected, please specify: Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted? (1 to indicate highly targeted and 6 to indicate less targeted) Children Youth Students Elderly people Persons with disabilities Private institutions Government agencies Others

13 Survey Questions (Cont d) Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurity framework/strategy for persons with disabilities? If yes, please provide links/references: 14 What are the cybersecurity issues that are addressed by existing awareness campaigns? Internet safety Privacy Fraud Phishing Malware Child Online Protection Other, such as cyber bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business

15 Survey Questions (Cont d) What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order? Internet safety Privacy Fraud Phishing Malware Child Online Protection Other, such as cyber bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business 16 What are the mechanisms used to raise awareness among the targeted groups stated in question 11? Please provide links/references: 17 Are there unconventional channels used for cybersecurity awareness? If yes, what are they? Please provide links/references: 18 Are there certain technologies related to providing cybersecurity, such as anti virus or anti spam software, available to the persons with disabilities? Please provide links/references:

19 20 Survey Questions (Cont d) Is the public encouraged to use the different technologies for cybersecurity such as anti virus or anti spam software? If yes, please specify: If the answer is yes to the previous question, are these different types of technologies made available to the public and how? If yes, please specify:

c Region where your organization is based: CIS 3 5% Arab States 7 11% Europe 13 21% Asia and Pacific 13 21% Africa 9 22% The Americas 9 15% Least developed 29.03% Responses by level of development 62 responses received Developing 38.71% Developed 24.19% Transition 8.06%

60 50 SURVEY 1 In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace? 62 responses received 54 40 30 20 10 0 0 0 t important Somewhat important Important Very important 8

2 Has your country already adopted a general framework/strategy for cybersecurity? 60 responses received 70% 60% 50% 40% 60% 60% 59% 40% 40% 41% 50% 50% 26 43% 34 57% 30% 20% 10% 0% Developed Transition Developing Least developed

3 If you answered yes to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public? 8 21% 39 responses received 31 79%

5 If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one? 48 responses received 16 33% 32 67%

6 Do these discussions/formulations include raising cybersecurity awareness? 30 responses received 1 3% Responses by level of development: Developed Transition Developing Least developed 5 4 11 9 0 0 1 0 29 97%

9 21 39% Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity? 120% 100% Responses by level of development: 100% 54 responses received 33 61% 80% 60% 40% 50% 50% 42% 58% 67% 33% 20% 0% 0% Developed Transition Developing Least developed

10 Was any specific research or survey conducted concerning cybersecurity in your country and/or region? 53 responses received 19 36% 34 64% Developed Results by level of development: Transition Developing Least developed 83% 50% 44% 53% 17% 50% 56% 47%

11 Which groups are targeted by cybersecurity awareness campaigns in your country? *Replies to more than one item possible 20% 18% 16% 17% 18% 17% 16% 14% 13% 12% 10% 9% 8% 7% 6% 4% 3% 2% 0% Children Youth Students Elderly people Persons with disabilities Private institutions Government agencies Others

12 Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted? 1.11% Percentage of value 1 responses assigned to each category 6.67% 25.56% 26.67% Children Youth Students Elderly people Persons with disabilities Private institutions Government agencies Others 2.22% 4.44% 15.56% 17.78% Total number of responses received with value 1: 90 Some respondents assigned value 1 more than once

13 Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurity framework/strategy for persons with disabilities? 56 responses received 7 12% Results by level of development: The is predominant in all categories of 49 88%

14 What are the cybersecurity issues that are addressed by existing awareness campaigns? 341 responses received *Replies to more than one item possible Child Online Protection 51 15% Others 40 12% Internet safety 56 17% Privacy 49 14% Malware 48 14% Phishing 48 14% Fraud 49 14%

15 What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order? Percentage of value 1 responses assigned to each category Privacy Fraud 13.79% 14% 24.14% 24% 1.15% 1% Phishing Malware Child Online Protection Others 36.78% 37% 9.20% 9% Total number of responses received with value 1: 87 Some respondents assigned value 1 more than once 14.94% 15%

18 Are there certain tools and technical measures related to providing cybersecurity, such as anti virus or anti spam software, available to the persons with disabilities? 13 25% Results by level of development: 120% 100% 52 responses received 39 75% 80% 60% 40% 20% 0% Developed Transition Developing Least developed

19 Is the public encouraged to use the different tools and technical measures for cybersecurity such as anti virus or anti spam software? 53 responses received 7 13% 46 87%

20 If the answer is yes to the previous question, are these different types of tools and technical measures made available to the public and how? 46 responses received 12 26% 120% 100% 80% 100% 100% 74% 34 74% 60% 40% 20% 0% 0% 0% Developed Transition Developing Least developed 26% 42% 58%

Information compiled by the Secretariat to the ITU D Study Groups devsg@itu.int