Featuring: Vytautas Kaziukonis, CEO of Surfshark
Countries worldwide are strengthening their cybersecurity frameworks — implementing new legal processes, regulations and data protection laws to safeguard citizens. However, despite these framework implementations, many businesses are still vulnerable to cyberthreats. This disconnect raises the question: what role does a country’s e-security play in business cybersecurity?
Understanding national electronic security
National electronic security, or e-security, reflects a country’s readiness to fight cybercrime and protect online privacy.
Factors that are considered when evaluating a country’s e-security include its legal frameworks, national cybersecurity strategy, incident response strategies, crisis management strategies and public education resources and training programs.
Other considerations include the country’s security of power grids and communication networks against cyberthreats, adherence to international cybersecurity standards, development of cybersecurity measures through collaboration between the government and private sector, and investment in cyberthreat research and development.
For example, we calculated e-security scores in our Digital Quality of Life (DQL) study using two external sources:
- The National Cyber Security Index (NCSI), developed by the e-Governance Academy Foundation, which considers various aspects, including a country’s cybersecurity policy development and crisis management;
- The data protection laws map by the Commission Nationale de l’Informatique et des Libertés (CNIL), which considers the level of data protection in each country.
Legal frameworks like GDPR play a crucial role in a country’s e-security, and a robust legal system can work as a foundation for preventing certain cyber incidents or mitigating their impact. However, it doesn’t make a country, especially its private business sector, immune to cyberthreats.
The reality of corporate cybersecurity
As technology advances, so does cybercrime. Because of that, online security has become too complex and ever-evolving. With cyberthreats increasing and becoming more sophisticated than ever, it’s essential to recognize the dangers that highlight why companies should take their online security measures seriously.
A 2024 study by cybersecurity vendor Netwrix found that 79% of surveyed organizations experienced some type of cyberattack, and about 59% of organizations surveyed by Statista experienced a ransomware attack. Notably, France holds the third position in our DQL study but tops Statista’s list for ransomware incidents among companies in 2024, with 74% of respondents reporting that such attacks have targeted them.
Companies frequently suffer data breaches, leaking large amounts of sensitive information. According to Statista, “as of February 2024, 52% of companies in the United States reported loss of sensitive information.” The reasons behind data breaches are not only human error but also insufficient security practices and targeted cyberattacks.
Statista also estimated that cybercrime had cost around $452.3 billion in the US in 2024 and projected it would cost more than $639 billion in 2025 and $1.82 trillion by 2028.
The model of government being the primary protector of national security has been effective for centuries. However, we’re now in the age of the internet, and private companies hold and manage vast amounts of sensitive data. Naturally, much of the responsibility of cybersecurity shifts to the business sector.
It’s a tricky situation. The government can’t completely keep organizations safe from evolving cyberthreats, and many companies still lack the motivation or infrastructure to effectively do it themselves. Business leaders must take ownership of their cybersecurity, adjust security strategies, and align with national security regulations.
Strengthening companies’ cyber resilience
Although the proportion of IT spending on companies’ security is growing (13.2% in 2024 compared to 8.6% in 2020), many CISOs believe companies must invest more into addressing the ever-evolving cyberthreats. Waiting until the organization is targeted is not an option. Business leaders must act now to build strong company defenses before threats strike.
To build a cyber-resilient culture, companies must evaluate their cybersecurity measures and employee awareness to identify vulnerabilities. Then they must teach employees how to spot and avoid threats through regular cybersecurity training and drills.
Organizations should implement advanced cybersecurity tools at the organizational and personal levels. Backing up their data can allow them to quickly recover after a cyberattack, and they must have a plan on how to respond to an attack. They should consider adopting zero-trust architecture (never trust, always verify) and performing third-party risk assessments for secure vendor relationships. They also need to ensure they’re in alignment with compliance standards.
It’s important to remember that the cyberthreat landscape is constantly changing. Business leaders must remain informed about the current cybersecurity landscape to foresee possible risks and develop better defense plans.
Strong national e-security: beneficial but not sufficient
Operating in a country with strong national e-security can be an advantage for businesses, but it can’t ensure their complete safety. With rising and constantly advancing cybercrime, it’s essential to strengthen organizations against cyberattacks. By prioritizing cybersecurity from the top down, leaders can better protect sensitive data, reduce risk exposure, and build long-term cyber resilience.
This article originally appeared on Forbes.