US ranks 10th on cyber literacy, finds Oliver Wyman Forum report

22 October 2020 2 min. read
More news on

Switzerland ranked first on Oliver Wyman Forum’s list of the top countries for cyber risk literacy and education, while the United States came in 10th place. Oliver Wyman’s report ranked 50 countries on their present cyber risk literacy and their available cyber risk education and training.

Nearly 95% of cybersecurity issues can be traced back to human error, such as clicking a malicious link or giving up credentials through a phishing attack. With ever more activities being conducted digitally, governments need to make sure their citizens are cyber-savvy in order to more effectively combat a rising tide of cyber crime.

In the US, 64% of Americans have never checked if their data has been breached, and 56% don’t know what to do if they’re the victim of a data breach.

“Cyberattacks are now one of the fastest growing crimes globally and are expected to cost organizations more than $600 billion dollars a year by 2021,” said Paul Mee of the Oliver Wyman Forum. “The situation has become even more pressing during the pandemic as our reliance on the internet has grown. Yet many citizens still lack the basic skills to keep themselves, their communities, and their employers safe.”

Overall, the Oliver Wyman study found that cyber risk education begins too late and lacks standardization, assessment goals, and reinforcement. Employers were generally found to be better at promoting risk education than governments – perhaps because they are nearer to the damage if an employee slips up and compromises their systems.

Cyber Risk Literacy and Education Index rankings

However, some countries are doing better than others on cyber literacy. The top five nations in the consulting firm’s ranking were Switzerland, Singapore, the UK, Australia, and the Netherlands. These countries distinguished themselves by integrating cyber risk literacy into their government policies and education – recommending or mandating cybersecurity instruction from the primary level.

Top-ranked Switzerland has a comprehensive implementation document, with specific responsibilities, timelines, and milestones. Singapore, meanwhile, has prioritized education efforts from early childhood to retirees, and has established a specific agency to manage cyber safety and security.

Those ranked lower than the top five generally lacked a comprehensive national cyber risk literacy strategy and/or integration into school curricula.

The US ranked 36th for government policy and 29th for technological and educational inclusivity. The country scored better on the public’s motivation to reduce risk (4th), how well cyber risk is addressed in the educational system (6th), and how well businesses are upskilling their employees (10th).

In order to improve their cyber risk literacy, countries should create long-term, benchmarkable goals for their education initiatives and create easily accessible teaching resources for schools and libraries. Oliver Wyman says policymakers can also establish “nutrition-label-like” badges that grade devices and services on cyber risk.