The MIT Technology Review Insights Cyber Defense Index 2022/23 is research by MIT Technology Review
Insights sponsored by Code42. The research was conducted through in-depth secondary research and
analysis along with primary survey data, and interviews with global cybersecurity professionals, technologydevelopers, analysts, and policymakers. It measures the extent to which the world’s 20 largest and most digitally forward economies have adopted technology and digital practices to resist cyberattacks, and how well their governments and policy frameworks promote cybersecure digital transactions. The writer of the report was Ross O’Brien, the editors were Laurel Ruma, Michelle Brosnahan, and Jenn Webb. Nicola Crepaldi and Natasha Conteh were the producers.

Today’s cybersecurity landscape can impart a sense of precariousness—there appears to be no end to the deluge of malware or criminal hacking. Rich and poor countries seem equally vulnerable, for different reasons. Mature digital economies have money and talent to mount cyber defense, but these riches make them attractive. Developing countries are vulnerable due to lack of resources.
Hope lies in the fact that most nations monitor and manage cyberattack events, invest in infrastructure resilience, and cultivate flexible and iterative policy. Moreover, the inevitability of cyberthreats is prompting a rethink among cybersecurity professionals, to shift investment away from protection of digital assets, toward business continuity and data and service recovery.
Brisk technology adoption favors bad actors, thanks to the broadening attack surface of a world blanketed by mobile and IoT devices. Cyberattackers are motivated, skilled, and enjoy safe harbors in powerful states. Ransomware is a global threat to data and financial security. The pandemic’s assault on worker norms draws scrutiny to planning and security protocols.
The MIT Technology Review Insights “Cyber Defense Index (CDI) 2022/23″ is the first annual comparative
ranking of the world’s 20 largest and most digitally forward economies on their preparation against, and response and recovery from, cybersecurity threat. It measures how economies use technology and digital practices against cyberattacks, and how policy promotes secure digital transactions.
The top findings of the CDI are as follows:
• Australia’s first-place CDI score reflects efforts to make robust digital infrastructure widely available.
The Australian government strives to use digital tools and regulations to safeguard personal data and digital transactions. It committed to overhauling cybersecurity laws, pledging to shelve a previous roadmap. The importance of this was underscored by a hack of Optus, its second-largest mobile carrier, in which 2.8 million records were stolen. Its business leaders have high confidence in the government’s cybersecurity stance.
• The Netherlands, in second place, is a nerve center for pan-European cybersecurity. The Hague is a digital security hub. It is home to the Global Forum for Cyber Expertise, and the cybersecurity operational headquarters for Europol and NATO. The Netherlands ranks high for cybersecurity resources, with comprehensive approaches to data privacy and well-coordinated domestic agencies. It benefits from the EU’s consumerfriendly digital policy, reflected in the 2018 General Data Protection Regulation (GDPR) framework.

Geopolitics means high CDI rankings for South Korea (third place) and Poland (sixth place). Both economies border some of the world’s most notorious safe harbors for cyber malfeasance—Russia and North Korea—which implicitly and explicitly support bad actors. This forces increased vigilance.
• China leads on several indicators (second place in organizational capacity), but overall ranks in the
bottom 10. China’s advantages lie in its digital workers and the strategic importance its business leaders place on cybersecurity. Its overall score is bruised by its poorly regarded infrastructure resilience and difficult policy environment.
• Germany scored in the bottom quarter of the CDI, lowest of any EU nation. Germany has one of Europe’s lowest e-participation scores, due to low adoption in its small-to-medium-sized enterprises (SMEs), its slow digital service delivery, and its dearth of talent.
• India struggles, despite a digitally forward government and the world’s largest IT-enabled service sectors.
This powerful tech force lacks critical infrastructure, has poor national digital economy adoption, and weak cybersecurity regulation. Despite cyberattacks and calls for cybersecurity laws and a dedicated ministry, India has opted out.
• The EU benefits from its cybersecurity posture, expressed by the 2018 GDPR. This preserves the rights
of digital consumers and is a model for the top half of CDI-ranked countries. This posture affects Poland and France (sixth and eighth) and the UK and Switzerland (seventh and 10th), as well as non-EU European countries with large pan-European footprints in the financial service and insurance sectors.
• Developing countries struggle for ground, due to lack of knowledge and resources. Countries among the CDI top 10 score closely together—less than one point divides first-place Australia and ninth-place Japan.
Those near the bottom score more diversely. The differentiator is access to investment. Cybersecurity
advances lean on 5G technology, which requires upgrades to critical infrastructure. Where 5G is already
in place, there is built-in access to innovation.

The inevitability of cyberthreats is prompting a rethink among cybersecurity professionals, to shift investment away from protection of digital assets, toward business continuity and data and service recovery.