Serbia Has Undertaken Critical Steps in Cybersecurity, Says First Cybersecurity Capacity Maturity Model Assessment

Serbia performs well across many areas of cybersecurity capacity and has a strong understanding of existing gaps and opportunities for capacity building, according to a new report assessing the country’s cybersecurity. The report, which uses the Cybersecurity Capacity Maturity Model for Nations (CMM) methodology, developed by the Global Cyber Security Capacity Centre (GCSCC) of the University of Oxford, is the first assessment of its kind conducted by the World Bank, with support from the Ministry of Trade, Tourism and Telecommunications.

The assessment found that Serbia has a substantial commitment to addressing the challenges of cybersecurity and highlights the country’s comprehensive cybersecurity policy and legal foundation, which enables Serbia to create protection mechanisms – including the National CERT – that can ensure the resiliency of critical infrastructure across the country. The assessment also revealed that Serbia has substantial capacity to develop cybersecurity expertise – both through professional development and academic channels facilitated by a growing technology industry in the country.

“The Republic of Serbia laid out in detail the key topics of the national cybersecurity strategy, which include incident response, protection of vital ICT systems, and the establishment of competent authorities in charge of information security in the Republic of Serbia. This systemic approach ensures the establishment of a sound overall environment for this field to develop, which we consider to be the basis for efficient digitalization,’’ said Tatjana Matic, Serbia’s Minister of Trade, Tourism and Telecommunications.

“In addition to further improvement of institutional and business cybersecurity, we will focus on raising citizen awareness of the importance of data protection and information security, as cybersecurity is a prerequisite for the development of a sustainable and successful modern digital society and economy.”

The assessment found that a strong industry demand for cybersecurity skills creates challenges for government retention of cybersecurity professionals – an area the study suggests should be addressed. Other areas cited for improvement include strengthening public awareness of the risks to privacy posed by the Internet, as well as further adoption of cybersecurity standards and good practices in both small and large enterprises.

“We congratulate Serbia on successfully completing the CMM assessment, which will provide a benchmark for measuring the future advancement of cybersecurity and serve as a building block for a national consensus on a cybersecurity status-quo and future actions. We would like to commend Serbia for publishing the report, which will be a useful reference for both national and international stakeholders to understand the state of cybersecurity in Serbia,” said Stephen Ndegwa, World Bank’s Country Manager for Serbia.

The CMM aims to enable governments to benchmark cybersecurity capacity across five dimensions:

cybersecurity policy and strategy;
cyber culture and society;
cybersecurity education, training and skills;
legal and regulatory frameworks; and
standards, organisations and technologies.
The GCSCC and its strategic international partners have deployed the CMM in more than 80 countries around the world.

“This was the tenth country in Europe that did a CMM review and it provided us with very interesting insights into our research on the maturity of cybersecurity capacity across the world. The gaps that the researchers have identified provide evidence for important needs which are not only specific to Serbia but which could also be observed in other countries in around the globe, but in particular in the Western Balkan region.” said Professor Michael Goldsmith, Co-Director of the GCSCC.

“We hope that this report will offer a comprehensive and useful understanding of Serbia’s capacity and that the recommendations will contribute to the on-going work to enhance cybersecurity capacity across all five dimensions of the CMM”.

This assessment was conducted under the Global Cybersecurity Capacity Program II, financed by Korea’s Ministry of Economy and Finance, through the Korea-World Bank Group Partnership Facility (KWPF), which is administered by the World Bank. As part of this Program, the country also benefited from a capacity-building workshop delivered in November by the Global Cybersecurity Center for Development (GCCD), part of Korea’s Internet & Security Agency (KISA). The two-week long online workshop in November-December 2020 convened numerous local cybersecurity experts, who were exposed to cutting-edge knowledge on cybersecurity from the Republic of Korea.

“We hope this online seminar can help Serbian cybersecurity personnel and serve as a bridge to deepen cybersecurity cooperation between Korea and Serbia. KISA will keep moving forward to expand global cooperation by sharing Korea’s experiences and our examples of cyber incident responses,” said Kwanghee Choi, Director of KISA.