Over the last two decades, people worldwide have benefitted from the growth and adoption of information and communication technologies (ICTs) and associated socio-economic and political opportunities. Digital transformation can be a powerful enabler of inclusive and sustainable development, but only if the underlying infrastructure and services that depend on it are safe, secure, and resilient. To reap the benefits and manage the challenges of digitalization, countries need to frame the proliferation of ICT-enabled infrastructures and services within a comprehensive national cybersecurity strategy.

To help governments in this endeavour, a consortium of partner organisations jointly developed and published the first Guide to Developing a National Cybersecurity Strategy (NCS) in 2018. Since then, the number of national cybersecurity strategies or frameworks worldwide has increased significantly. In 2018, only 76 countries had adopted a strategy while today more than 127 countries have such strategies in place, and many have used the Guide as a reference and blueprint.1

However, the fast-changing nature of cyberspace, the increased dependency on ICT, and the proliferation of digital risks all call for continuous improvements to national cybersecurity strategies. Most countries have both accelerated their digital transformation and become increasingly concerned about the immediate and future threats to their critical services, infrastructures, sectors, institutions, and businesses, as well as to international peace and security, that could result from the misuse of digital technologies and inadequate resilience. This second edition of the Guide could not come at a more critical time. The updated content reflects the complex and evolving nature of cyberspace, as well as the main trends that can impact cybersecurity and should, therefore, be included into national strategic planning. The objective of the Guide is to instigate strategic thinking and continue supporting national leaders and policy-makers in the ongoing development, establishment, and implementation of such national cybersecurity strategies and policies. We are confident that this new Guide will serve as a useful tool for all stakeholders with cybersecurity responsibilities.

As in the previous edition, this Guide is the result of a unique, collaborative, and equitable multi-stakeholder cooperation effort among partners working in the field of national cybersecurity strategies, policies, and cyber capacitybuilding. Twenty expert organisations from the public and private sectors, as well as academia and civil society, shared their experience, knowledge, and expertise to produce this updated Guide, which draws from existing know-how from the participating organisations, as well as references to complementary publications and other available resources.

We would like to express our gratitude to the partners involved for their invaluable support and commitment in making this project a great achievement as a concrete example of a successful multistakeholder collaboration. We want to encourage this partnership to continue to collaborate and we look forward to working even more closely with governments, regional and international bodies, law enforcement, academia, the private sector, civil society, and the United Nations entities to promote strategic reflections on cybersecurity, cyber capacity-building, and cyber resilience.

Disclaimer: This publication was first published by the National Cybersecurity Strategy here. The findings, interpretations, and conclusions expressed in this publication do not necessarily reflect the views of the Contributors, their secretariats or their governing bodies. The Contributors do not guarantee the accuracy of the data included in this work. The boundaries, colours, denominations, and other information shown on any graphic or chart in this work do not imply any judgment on the part of the IGOs concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be considered to be a limitation upon or waiver of the privileges and immunities to which certain Contributors are entitled under national laws and international agreements, all of which are specifically reserved