Digital economy



Return to > Information security and privacy

Digital security risk management

Since 1992, the OECD has been developing policy analysis and recommendations for governments and other stakeholders to better address security challenges in the digital environment from an economic and social perspective.

OECD recommendation on Digital Security of Critical Activities

Digital transformation is accelerating the digital reliance of critical economic and social activities. In parallel, digital security threats have been growing in number and sophistication. This December 2019 recommendation provides guidance on how to implement the 2015 Digital Security Risk Recommendation to maintain the continuity, resilience and safety of critical activities without inhibiting the benefits of digital transformation.


OECD recommendation for Digital Security Risk Management for Economic and Social Prosperity

Digital security risk should be treated like an economic rather than a technical issue, and should be part of an organisation’s overall risk management and decision-making, according to a this October 2015 OECD Recommendation to member countries.


National cybersecurity strategies

The comparison of a new generation of national cybersecurity strategies in 10 OECD countries reveals that cybersecurity policy making is at a turning point. Cybersecurity has been elevated among governmental policy priorities.


Indicators for Security and Privacy

The OECD is developing indicators to measure security and privacy risk. This includes statistical guidance to improve the international comparability of CSIRT statistics. 


Critical Information Infrastructures Protection (CIIP)

The 2008 OECD Recommendation on the Protection of Critical Information Infrastructures (CIIP) provides a shared understanding of the concept of CIIP and policy recommendations at domestic and international level.


Malware & Botnets

Malware and botnets pose a serious threat to the Internet economy and to national security. The OECD has analysed this phenomenon as well as policies to address it, including the role of Internet Service Providers (ISPs) [More].


Cryptography policy

In 1997, the OECD adopted the Guidelines for Cryptography Policy to promote the use of cryptography without unduly jeopardising public safety, law enforcement and national security [More].


This work is carried out by the OECD Working Party for Security and Privacy in the Digital Economy (SPDE) for the Committee for Digital Economy Policy (CDEP).

More OECD security and privacy resources


Related Documents