As the world inexorably digitises and becomes reliant on technology, cybersecurity needs to be a critical concern for governments and organisations across the globe. Despite that, it is often overlooked in discussions about sustainable development. This is a significant oversight as cyber threats can have far-reaching effects on the economy.
The G20 has focused on addressing a range of issues related to sustainable development, including poverty, inequality, and climate change. In 2022, the G20 Bali Leaders’ Declaration underscored that the COVID-19 pandemic has accelerated the transformation of the digital ecosystem and digital economy and recognised the importance of digital transformation in reaching the Sustainable Development Goals (SDGs). The G20 leaders in particular acknowledged that affordable and high-quality digital connectivity is essential for digital inclusion and digital transformation, while a resilient, safe, and secure online environment is necessary to enhance confidence and trust in the digital economy. The importance of countering foreign influence operations, cyber threats, and online abuse, and ensuring security in connectivity infrastructure was also highlighted as a shared priority across G20 countries. This builds on previous G20 commitments on cybersecurity, such as the 2015 affirmation of United Nations norms of behaviour and prohibition on commercial espionage.
Now, it is time for the G20 to increase its focus on cybersecurity and begin to mainstream cybersecurity into efforts to achieve the SDGs in low- and middle-income countries.
Economic resilience and cyber resilience
Economic resilience refers to the ability of an economy to withstand and recover from shocks or disruptions. This can include natural disasters, economic downturns, cyberattacks, or other types of crises. Economic resilience is important because it allows an economy to continue functioning and growing despite these inevitable challenges.
Cyber resilience, similarly, refers to the ability of an organisation or system to withstand and recover from malicious attacks. Cyber resilience is important because it allows an organisation to continue operating and meeting its goals despite these threats.
In a modern economy, it is self-evident that economic resilience can be improved by increasing cyber resilience. For example, if an organisation is better able to withstand and recover from a cyberattack, it is less likely to be disrupted and can continue operating as normal. This ensures that the impact on the economy overall is minimal. Overall, economic resilience and cyber resilience are interconnected and rely on each other to support the stability and growth of an economy.
Cybersecurity and sustainable development
When the United Nations agreed on the 17 SDGs, a so-called blueprint for peace and prosperity, they did so in full knowledge that technology will play an essential role in making the blueprint a reality. To meet the SDGs’ central promise of leaving no one behind, we first need to close the digital divide – across countries, sectors, and individuals.
While the COVID-19 pandemic damaged the economy, it has accelerated the process of digital transformation in many parts of the world. The United Nations International Telecommunications Union (ITU) estimates that an extra 1.1 billion people came online for the first time since 2019. India’s own progress towards the SDGs has been hampered by the economic and social shocks of the COVID-19 pandemic according to the latest Sustainable Development Report. Accelerating digital transformation throughout India, and across the Global South, will help recover lost time. Moving processes online and into the cloud will enable governments to improve public service delivery; help businesses to improve growth and productivity; and empower individuals to exercise their rights.
Multiple aspects of life are dependent on technology in high-income countries, and the same will become true in low- and middle-income countries. We will increasingly see a reliance on computers, smartphones, and the internet for communication, commerce, and basic services like banking, healthcare, and education. This dependence on technology brings tremendous benefits, but it also introduces new vulnerabilities. Nation-states and cybercriminals can use these vulnerabilities to steal sensitive information, disrupt services, or even cause physical damage. A successful attack can result in significant financial losses, damage to a country’s reputation, and harm to its citizens.
Worryingly, countries have less than 10 years to achieve the SDGs, and yet the global economic drain of cyberattacks is already expected to reach over US$10 trillion per annum by the year 2025. Such attacks risk lives and livelihoods and have far-reaching negative consequences, from slowing economic growth to undermining people’s trust in technology, public institutions, and democracy. Crucially, many low- and middle-income countries are still developing their infrastructure and technology systems, making them especially vulnerable to cyberattacks. In addition, the lack of resources and expertise can make it difficult for governments and impacted users to effectively respond to and recover from cyber incidents.
In the face of the twin challenge of strengthening both economic resilience and cyber resilience, and in pursuit of the mission to accelerate sustainable solutions for the SDGs, we believe that cybersecurity should be mainstreamed into the global digital development agenda.
The G20 and cybersecurity
G20 can make a significant contribution to advance those goals. For example, India could, through the G20, drive the adoption of universal cybersecurity goals and targets. Learning from the Millenium Development Goals and the SDGs, these goals and targets could define the technical, legal and policy framework and capacities needed to support states in implementing UN cyber norms at the national level, mobilize global resources toward their attainment, and facilitate collective action on cyber capacity building through international cooperation. These could include support for developing national cybersecurity strategies; establishing Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in countries where such capacity is absent; fostering enabling environments to fight cybercrime; building capacity, and technical and forensic expertise; strengthening the resilience of critical infrastructures; and developing cyber resilience and incident response frameworks.
In the longer term, to help support the implementation of the framework, the G20 should direct technical and financial assistance to low- and middle-income countries to help them improve their cybersecurity capabilities. This can include:
- Support capacity-building efforts: Many countries currently lack the resources and expertise to effectively manage and secure their technology systems. The G20 can support capacity-building efforts, such as providing training and technical assistance and helping to establish cybersecurity centres of excellence. This can help to build the knowledge and skills of individuals and organizations in these countries and can help to strengthen their ability to prevent, detect, and respond to cyber threats.
- Promote international cooperation: Cybersecurity is a global issue that requires international cooperation and collaboration. The G20 can promote international cooperation on cybersecurity by facilitating information-sharing and coordination among member countries. This can help to ensure that countries have access to the latest information and technology, and can help to reduce the risk of cyber incidents. Furthermore, when incidents do occur, the G20 can work towards reducing the risks of miscalculation and conflict by either establishing new mechanisms for the resolution of disputes and the peaceful settlement of conflicts in cyberspace or promoting the use of existing ones.
- Invest in research and development: Advances in technology are constantly creating new opportunities and challenges for cybersecurity. The G20 can invest in research and development in the field of cybersecurity and can support the development of new technologies, tools, and techniques that can help to enhance the security and resilience in low- and middle-income countries. This can help to ensure that these countries have access to the latest innovations and solutions relevant to their needs, and can help recruit them as allies in global efforts to combat cyber threats.
- Lead by example: Finally, the G20 countries can lead by example by implementing strong cybersecurity measures in their own countries. This can include investing in cybersecurity infrastructure, building their own cyber incident response capacities, and collaborating with other countries on cybersecurity issues. By setting a good example, the G20 countries can inspire other countries to take cybersecurity seriously and help create a safer and more secure global digital environment with greater global economic resilience.
In conclusion, India and the G20 should mainstream cybersecurity into the SDGs to improve the cybersecurity and cyber resilience of low- and middle-income countries, and to protect their citizens and economies from the consequences of cyberattacks. By supporting the development of goals and targets, capacity-building efforts, international cooperation, development of national cybersecurity strategies, and research and development, India and the G20 can help to help increase cyber resilience and promote safe and secure digital transformation across the world. The SDGs’ ultimate success in reducing poverty, attaining gender equality, and taking climate action increasingly depends on it.
(This essay is a part of the commentary series on G20-Think20 TF-2: Our Common Digital Future: Affordable, Accessible and Inclusive Digital Public Infrastructure)
