Zurich has produced a “national-level” digital resilience action plan in collaboration with the Cyber Threat Alliance and CyberGreen Institute.

The plan features six key metrics and an institutional framework for governments to clarify national cyber risk, strengthen resilience and enable informed policy decisions.

The metrics assess a country’s cyber resilience and include factors such as ability to contain a digital breach, percentage of organisations with cyber insurance and capacity to safeguard assets.

“Much work has been dedicated to the corporate level,” Zurich and the institute said in a report outlining the action plan.

“However, national-level cybersecurity metrics that enable governments to make informed policy decisions remain largely absent. This is a strategic opportunity to reduce systemic risk, improve cyber resilience, and enable smarter policy and investment decisions.”

The report says effective metrics at the national level create better conditions for all parts of the economy, helping to protect critical infrastructure and SMEs – the “backbone of the economy”.

The report says in a cyber event, the proposed metrics “could further help determine whether crucial trigger points or thresholds … were met or surpassed. This, in turn, could be used to classify cyber events according to the extent of their catastrophic consequences, similar to how the Richter scale allows a comparison and classification of the size of earthquakes.”