Measuring the various aspects of cybersecurity across countries is challenging, in part because the actors in the cybersecurity ecosystem often do not have the incentives to share key data. At the same time, people, firms and governments need to feel secure to communicate online and use Internet-based services. This statistical report provides an overview of how cybersecurity is being measured across a variety of data sources and using different methodological approaches. Beginning with a checklist of measurement considerations, the report then discusses existing data from official and non-official sources, identifying when each data source is most useful. The report then provides two proofs of concepts for measuring uncertainty related to cyber risks, or “cybersecurity uncertainty”. Measuring such uncertainty can complement existing statistics and help anticipate emerging cybersecurity trends, develop more targeted cybersecurity awareness programmes, and promote a more secure and resilient digital ecosystem.
