Snapshot: how committed are Caribbean countries to cybersecurity?

A review of the latest Global Cybersecurity Index, and a summary of the Caribbean’s performance in that exercise.


As we becoming increasingly reliant on digital networks to store information and to communicate value, those networks and systems are being subject to a growing wave of threats that seek to breach, or otherwise compromise, data that has been stored. It should therefore be no surprise that a global assessment has been established to determine the extent to countries have implemented appropriate measures that ultimate demonstrate their awareness of the threats that exist and the commitment to cybersecurity as a means of mitigating them.

Implemented by the International Telecommunications Union (ITU), the Global Cybersecurity Index has the aims to “help countries identify areas for improvement in the field of cybersecurity, as well as to motivate them to take ac on to improve their ranking, thus helping raise the overall level of commitment to cybersecurity worldwide” (Source:  ITU)

The inaugural report for this exercise was published in 2014. In this iteration, GCI results for all 193 ITU Member States have been reported, which includes 16 Caribbean counters:

Table 1: Caribbean countries included in the 2017 GCI exercise (Source: ITU)


Approach to determining a country’s GCI

According to the ITU in its 2017 GCI report, the main objectives of the GCI are to measure:

  • the type, level and evolution over me of cybersecurity commitment in countries and relative to other countries;
  • the progress in cybersecurity commitment of all countries from a global perspective;
  • the progress in cybersecurity commitment from a regional perspective;
  • the cybersecurity commitment divide, i.e. the difference between countries in terms of their level of engagement in cybersecurity programmes and initiatives.

Accordingly, the GCI consists of five main pillars – legal, technical, organizational, capacity building and cooperation – underpinned by 25 indicators, as outlined in Table 2. The scores received under each pillar is tallied and averaged to produce the GCI, which ranges between 0 and 1, with scores closer to 1 indicating greater cybersecurity commitment and awareness.

Table 2: The five main pillars used in the 2017 GCI exercise (Source: ITU)


How did the Caribbean countries perform?

Although it is expected that the top of the GCI ranking would be dominated by developed countries, the actual results paint an interesting picture. Whilst it might be taken for granted that countries, such as Singapore, the United States, France and Canada, should be in the top 10, Malaysia, Oman and Mauritius, in particular, are unexpected (see Table 3). However, those countries scored highly across all of the main pillars, and hence are demonstrating a commitment to addressing cybersecurity.

Table 3: Top 10 countries for the 2017 GCI assessment (Source: ITU)

Having said this, Table 4 shows the GCI results for the Caribbean countries included in the exercise. With the exception of Jamaica, which is ranked 85th out of 193 states, and considered a ‘maturing’ state with respect to cybersecurity commitment, all of the other Caribbean countries, have been classified as still being in the ‘initiating’ stage.

Table 4: 2017 GCI scores and ranking for select Caribbean countries (Source: ITU)

It should be noted that in is report, the ITU did not provide an quantitative breakdown of the scores by pillar for individual countries. Hence, we are unable to conduct additional analysis. However, we hope that as the assessment exercise becomes more established, such data will be made publicly available.

Final thoughts

It must be highlighted that although some Caribbean countries, such as Jamaica, were touting their position on the list, in comparison to their fellow Caribbean countries, the results emphasise the fact that there is considerable room for improvement. Further, with a country such as Mauritius in the top 10 ­ which is has a per capita Gross Domestic Product similar to many Caribbean countries, and is also classified a Small Island Developing State – it demonstrates what is possible in the region. However, first and foremost, there must be the political will to increase our commitment to cybersecurity.


Image credit:  Pexels