Publications & Documents

Most digital security incidents are caused by malicious actors (e.g. cybercriminals and state-sponsored groups) exploiting vulnerabilities in organisations’ digital ecosystems. Addressing vulnerabilities before attackers take advantage of them is an effective means of reducing the probability of cybersecurity incidents. This paper discusses vulnerabilities in products’ code such as software and firmware, and in how products are implemented in information systems. It shows that the technical community has progressed in developing good practice for treating vulnerabilities, including through co-ordinated vulnerability disclosure (CVD). However, significant economic and social challenges prevent stakeholders from adopting good practice, such as legal frameworks that do not sufficiently protect 'ethical hackers' from legal proceedings. The paper stresses that public policies aimed at removing obstacles and encouraging vulnerability treatment could significantly reduce digital security risk for all. The findings from this paper will inform the development of a new OECD Recommendation in this area.

Going Digital in Latvia analyses recent developments in Latvia’s digital economy, reviews policies related to digitalisation and make recommendations to increase policy coherence in this area, based on the OECD Going Digital Integrated Policy Framework. The review uses strategic foresight to explore three alternative future scenarios, which could result from the digital transformation of the global economy and society. It also examines the availability and quality of communication networks and services in Latvia as well as related policies and regulations. Further, it reviews trends in digital technology usage among individuals, businesses and the government, and examines policies to foster diffusion. Finally, the review analyses opportunities and challenges raised by digitalisation in key areas, from innovation and skills to digital security and data governance, and evaluates policy responses to these changes in Latvia.

Science, technology and innovation (STI) have played a key role in responding to the COVID-19 pandemic and the unprecedented socio-economic crisis it has triggered. This paper explores how the pandemic affected STI in 2020, including how STI was mobilised to provide vaccines, treatments and innovative (often digital) solutions to address 'social distancing'. The paper also reviews the quick and agile STI policy responses implemented across countries to stimulate research and innovation activities to find solutions to the pandemic. Moreover, the paper covers STI policies that targeted universities, research centres, innovative businesses and entrepreneurs most affected by the crisis. It also raises key debates on the effectiveness of such policies. Follow-up work will leverage more and better data to improve this early assessment of the impacts of the crisis and STI policy responses.

Economies and societies are increasingly reliant upon 'smart products' that contain code and can connect to one another, e.g. through the Internet. Recent cyber-attacks such as Mirai, WannaCry, NotPetya and SolarWinds have underlined that the exploitation of vulnerabilities in smart products can have severe economic and social consequences. Such attacks increasingly threaten users’ safety and well-being, as well. This report shows that economic factors play an important role in the relative 'insecurity' of smart products. It develops an analytical framework based on the value chain and lifecycle of smart products, and applies the framework to three case studies: computers and smartphones, consumer Internet of Things (IoT) devices and cloud services. It demonstrates that complex and opaque value chains lead to a misallocation of responsibility for digital security risk management, while significant information asymmetries and externalities often limit stakeholders’ ability to behave optimally.

From 'traditional' software to cloud services and Internet of Things (IoT) devices, our economies and societies are increasingly reliant upon 'smart products' that contain code and can connect to each other, e.g. through the Internet. Such products are vulnerable to cyber security risk, and economic factors often play a major role in their relative ‘insecurity’. This report discusses how policy makers can address key challenges that prevent smart products from reaching an optimal level of digital security. Increasing transparency and information sharing, promoting co-operation (including at the international level), and ensuring the duty of care of supply-side actors (e.g. through the principles of security-by-design, security-by-default and responsible end-of-life) are important avenues for policy action. Policy makers can leverage many tools to achieve these objectives, from public procurement, certification and multi-stakeholder partnerships, to labels and ex ante legal requirements.

Despite potentially tremendous benefits, small and medium-sized enterprises (SMEs) lag in the digital transformation. Emerging technologies, as diverse as they are, offer a range of applications for them to improve performance and overcome the size-related limitations they face in doing business. However, SMEs must be better prepared, and stakes are high. SMEs make the most of the industrial fabric in many countries and regions, they create jobs (most jobs sometimes) and are the cement of inclusive and sustainable societies. The SME digital gap has increased inequalities among people, places and firms, and there are concerns that the benefits of the digital transformation could accrue to early adopters, further broadening these inequalities. Enabling SME digitalisation has become a top policy priority in OECD countries and beyond. The report looks at recent trends in SME digital uptake, including in the context of the COVID-19 crisis. It focuses on issues related to digital security, online platforms, blockchain ecosystems, and artificial intelligence. The report identifies opportunities, risks of not going digital, and barriers to adoption. It looks to concrete policy action taken worldwide to speed the SME transformation and raises a series of considerations to advance the SME digital policy agenda.

This paper uses firm-level data analysis to assess the extent, and the economic and policy implications of state-owned enterprises (hereafter SOEs) in the shipbuilding sector. Even though the available data appears to be limited in certain respects, one of the paper’s key findings demonstrates that SOEs occupy a significant share in global ship completions, but are likely to operate with lower profitability rates and to be more highly leveraged than private enterprises. This report also presents a number of guiding principles to assess SOEs’ behaviour and their potential impact on the shipbuilding market, such as good corporate governance frameworks and the principle of competitive neutrality. To provide a concrete comparative analysis of SOEs and their private counterparts, the paper examines a case-study comparing the Chinese central state-owned enterprise CSIC and its private counterpart Yangzijiang Shipbuilding.