Consulting firm, Hathaway Global Strategies, has developed a “Cyber Readiness Index,” or CRI, based on economic growth.  The objective of the index is to measure maturity and commitment to protecting the investment in cyber infrastructure of each of the 35 countries included.  Specifically, the index looks at these five areas:

1. national strategy
2. incident response
3. ‘e-Crime’ law enforcement
4. information sharing
5. R&D

The index combines measures of both economic prosperity and exposure to cyber risk.  For example,  cybercrime, resiliency issues, identity theft, intellectual property theft, and other cyber factors are highlighted to illustrate diminished country GDP.

Some conclusions that the study draws include:

• Increase in prosperity that Internet technology and connectivity have brought over the past 30 years may not outweigh “the unreliability and riskiness caused by new threats”
• Costs of malicious cyber activity and risk must be included in a nation’s evaluation of its prosperity so that security investment can be measured

I like the approach of this index.  As I suggested in my post on “Force Protection“, businesses and countries that depend on the Internet will have to redirect a real amount of its operating capacity to analyze risk and provide information security, just as the military did with personnel and physical assets in the late 70’s/early 80’s, if it is to continue to move forward.