2013 ITU survey on measures taken to awareness on ... · 2013 ITU survey on measures taken to raise awareness on cybersecurity 2013 ITU survey on measures taken to raise awareness

August 2013

ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity

2013 ITU survey on measures taken to raise awareness on cybersecurity

ITU‐D Study Group Question 22‐1/1Securing information and communication networks: best practices for

developing a culture of cybersecurity

August 2013


SURVEY BACKGROUND

Raising awareness of different aspects of cybersecurity and developing a culture of cybersecurityawareness is regarded by many as an integral part of a nation’s cybersecurity strategy and requires collaboration among the different stakeholders and coordinated actions to be taken.

The ITU‐D Study Group 1 Rapporteur Group for Question 22‐1/1 dedicated to “Securing information and communication networks: best practices for developing a culture of cybersecurity”, at its meeting held on 13 September 2012 in Geneva, agreed to issue a survey on measures taken in member states to raise awareness on cybersecurity.

SURVEY OBJECTIVES

The purpose of the 2013 ITU survey on measures taken to raise awareness on cybersecurity is to collect ideas from all sources on how countries, businesses and expert groups are educating and encouraging individuals and entities on the subject of cybersecurity, including child online protection, and the cybersecurity needs of persons with disabilities. (See reference in item 2.(b)(v), of the work program for ITU‐D SG1 Question 22‐1/1 as agreed during WTDC‐10 at:http://www.itu.int/net3/ITU‐D/stg/rgqlist.aspx?rgq=D10‐RGQ22.1.1&stg=1

The input received through the survey will be shared during the next ITU‐D Study Group 1 Rapporteur Group meeting for Question 22‐1/1 which will take place in Geneva on 19 April 2013 and incorporated into the final outputs and guidelines to come out of the work on SG1 Question 22‐1/1 during the 2010‐2014 study period.

August 2013


Overview of Answers Received (as of 27 June 2013)

The non‐members are, in fact, members of IMPACT, to whom the survey was disseminated.

193 Member States in ITU

Answers were received from 50 Member States

1 Observer1 Regional/International Organisation

5 Sector Members and5 non‐members

62 entries received

List of countries and observers (Res.99 (Rev. Guadalajara, 2010)) who participated (55)

Afghanistan, Andorra, Australia, Belarus, Benin, Bhutan, Brazil, Bulgaria, Burkina Faso,

Cambodia, Colombia, Côte d’Ivoire, Croatia, Cyprus, Dominican Republic, Egypt, France, Hungary, Iraq, Italy, Japan, Lebanon, Lesotho, Malaysia, Maldives, Mali, Mauritius, Moldova, Morocco, Myanmar, Namibia, Niger, Norway, Oman, Pakistan, Panama, Portugal, Serbia, Sri Lanka, Sudan, Swaziland, Switzerland, Syria, Tanzania, Togo, Trinidad and Tobago, Tunisia, Uganda, Ukraine, United States of America, Vanuatu, Venezuela, Viet Nam, Zambia and

Palestine

The Questionnaire was sent to Administrations of ITU Member States and Observer (Res. 99), ITU‐D Sector Members, Associates and Academia, ManagementTeams for ITU‐D Study Groups 1 and 2, Observers (Regional and International Organizations) and members of IMPACT.

August 2013


Survey QuestionsCONTACT INFORMATION

a. Contact details

b. Please select the name of your Administration/Organization from the list.(If it is not available, indicate the name in the field below the list)

c.

Region where your organization is based:AfricaThe AmericasAsia and PacificArab StatesCIS countriesEurope

d. Country/countries where your organization is based

August 2013


Survey Questions (Cont’d)SURVEY

1

In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace?

Not importantSomewhat importantImportantVery important

2

Has your country already adopted a general framework/strategy for cybersecurity? If not, move directly to survey question 5.

YesNo

If yes, please provide links/references:

3

If you answered ‘yes’ to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public?

YesNo


4 If you answered ‘yes’ to the previous question, at which stage of the general framework/strategy for cybersecurity should the raising of awareness start?

August 2013


Survey Questions (Cont’d)

5

If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one? (If “No” is selected, please move directly to question 9)

YesNo


6Do these discussions/formulations include raising cybersecurity awareness?

YesNo


7 At which stage of the general framework/strategy for cybersecurity should awareness raising start according to these discussions/formulations?

8 Who are the parties concerned with raising public awareness on cybersecurity, in accordance with the legislations/policies/practices adopted in your country?

9

Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity?

YesNo

If yes, please specify:

August 2013



10Was any specific research or survey conducted concerning cybersecurity in your country and/or region?

YesNo


11

Which groups are targeted by cybersecurity awareness campaigns in your country?ChildrenYouthStudentsElderly peoplePersons with disabilitiesPrivate institutionsGovernment agenciesOthers

If “others” was selected, please specify:

12

Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted? (1 to indicate highly targeted and 6 to indicate less targeted)

ChildrenYouthStudentsElderly peoplePersons with disabilitiesPrivate institutionsGovernment agenciesOthers

August 2013



13

Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurityframework/strategy for persons with disabilities?

YesNo


14

What are the cybersecurity issues that are addressed by existing awareness campaigns?Internet safetyPrivacyFraudPhishingMalwareChild Online ProtectionOther, such as cyber‐bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business

August 2013



15

What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order?

Internet safetyPrivacyFraudPhishingMalwareChild Online ProtectionOther, such as cyber‐bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business

16 What are the mechanisms used to raise awareness among the targeted groups stated in question 11?

Please provide links/references:

17 Are there unconventional channels used for cybersecurity awareness? If yes, what are they?


18

Are there certain technologies related to providing cybersecurity, such as anti‐virus or anti‐spam software, available to the persons with disabilities?

YesNo


August 2013



19

Is the public encouraged to use the different technologies for cybersecurity such as anti‐virus or anti‐spam software?

YesNo


20

If the answer is ‘yes’ to the previous question, are these different types of technologies made available to the public and how?

YesNo


August 2013


c Region where your organization is based:

62 responses receivedAfrica9

22%

The Americas

915%

Asia and Pacific1321%

Arab States7

11%

CIS countries

35%

Europe1321%

Developed countries24.19%

Transition countries8.06%

Developing countries38.71%

Least developed countries29.03%

Responses by level of

development

August 2013


SURVEY

1 In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace?

62 responses received

0 0

8

54

0

10

20

30

40

50

60

Not important Somewhat important Important Very important

August 2013


2 Has your country already adopted a general framework/strategy for cybersecurity?


60% 60% 59%

50%

40% 40% 41%

50%

0%

10%

20%

30%

40%

50%

60%

70%

Developed countries Transition countries Developing countries Least developedcountries

Yes No

Yes3457%

No2643%

August 2013


3If you answered ‘yes’ to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public?


Yes3179%

No8

21%

August 2013


5 If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one?


Yes3267%

No1633%

August 2013


6 Do these discussions/formulations include raising cybersecurityawareness?


Developedcountries

Transitioncountries

Developingcountries

Least developed countries

Yes 5 4 11 9

No 0 0 1 0

Responses by level of development:

Yes2997%

No13%

August 2013


9Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity?

54 responses receivedResponses by level of development:

Yes3361%

No2139%

100%

50%42%

67%

0%

50%58%

33%

0%

20%

40%

60%

80%

100%

120%

Developedcountries

Transitioncountries

Developingcountries

Least developedcountries

Yes

No

August 2013


10 Was any specific research or survey conducted concerning cybersecurityin your country and/or region?


Developedcountries

Transitioncountries

Developingcountries

Least developedcountries

Yes 83% 50% 44% 53%

No 17% 50% 56% 47%

Results by level of development:Yes3464%

No1936%

August 2013


11 Which groups are targeted by cybersecurity awareness campaigns in your country?

*Replies to more than one item possible

17%

18%17%

9%

7%

13%

16%

3%

0%

2%

4%

6%

8%

10%

12%

14%

16%

18%

20%

Children Youth Students Elderly people Persons withdisabilities

Privateinstitutions

Governmentagencies

Others

August 2013


12 Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted?

26.67%

17.78%

15.56%

4.44%2.22%

6.67%

25.56%

1.11%

Children

Youth

Students

Elderly people

Persons with disabilities

Private institutions

Government agencies

Others

Percentage of value 1 responses assigned to each category

Total number of responses received with value 1: 90Some respondents assigned value 1 more than once

August 2013


13Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurity framework/strategy for persons with disabilities?


Results by level of development:The ‘No’ is predominant in all categories of countries

Yes7

12%

No4988%

August 2013


14 What are the cybersecurity issues that are addressed by existingawareness campaigns?

341 responses received*Replies to more than one item possible

Internet safety5617%

Privacy4914%

Fraud4914%Phishing

4814%

Malware4814%

Child Online Protection

5115%

Others4012%

August 2013


15What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order?

Percentage of value 1 responses assigned to each category

Total number of responses received with value 1: 87Some respondents assigned value 1 more than once

24.14%24% 1.15%

1%

9.20%9%

14.94%15%

36.78%37%

13.79%14%

Privacy

Fraud

Phishing

Malware

Child Online Protection

Others

August 2013


18Are there certain tools and technical measures related to providing cybersecurity, such as anti‐virus or anti‐spam software, available to the persons with disabilities?

52 responses receivedResults by level of development:

0%

20%

40%

60%

80%

100%

120%

Developed countries Transition countries Developingcountries

Least developedcountriesYes No

Yes1325%

No3975%

August 2013


19 Is the public encouraged to use the different tools and technical measures for cybersecurity such as anti‐virus or anti‐spam software?


Yes4687%

No7

13%

August 2013


20 If the answer is ‘yes’ to the previous question, are these different types of tools and technical measures made available to the public and how?


Yes3474%

No1226%

100% 100%

74%

42%

0% 0%

26%

58%

0%

20%

40%

60%

80%

100%

120%

Developed countries Transition countries Developing countries Least developedcountries

Yes

No

August 2013


Information compiled by the Secretariat to theITU‐D Study Groups

[email protected]

Documents

2013 ITU survey on measures taken to awareness on ... · 2013 ITU survey on measures taken to raise awareness on cybersecurity 2013 ITU survey on measures taken to raise awareness