A new edition of the Guide to Developing a National Cybersecurity Strategy is out
A new edition of the Guide to Developing a National Cybersecurity Strategy sets out updated guidance for governments on planning, implementing, and reviewing national cybersecurity policies. The document reflects a multistakeholder effort involving international organisations, public institutions, the private sector, academia, and civil society.
The International Telecommunication Union and the World Bank have released the third edition of the Guide to Developing a National Cybersecurity Strategy, an updated reference document intended to support governments in strengthening their national approaches to cybersecurity.
The Guide is the result of a broad multistakeholder process that brought together thirty-seven contributors from intergovernmental and international organisations, the private sector, academia, and civil society, with the European Union Agency for Cybersecurity participating as an observer. According to the publication, this collaborative approach is intended to reflect the diversity of institutional roles involved in national cybersecurity policy and capacity-building.
First published in 2018 and updated in 2021, the Guide has been widely used by policymakers developing national cybersecurity strategies. The 2025 edition notes a steady increase in the number of countries adopting such strategies, with many now undergoing revisions. The updated text responds to this trend by focusing more explicitly on implementation, long-term sustainability, and continuous review.
The Guide frames cybersecurity as a prerequisite for effective digital transformation and socioeconomic development. It argues that digital infrastructure and services cannot deliver lasting public value without adequate protection, resilience, and trust. Cybersecurity is therefore presented as a strategic policy issue that intersects with economic planning, governance, and public service delivery, rather than as a purely technical concern.
A core element of the publication is its lifecycle-based framework for national cybersecurity strategies. This framework covers six phases, from initiation and stocktaking to implementation, monitoring, and evaluation. The aim is to support governments in moving beyond strategy drafting towards sustained execution, with clearly defined responsibilities, governance structures, and accountability mechanisms.
Compared with earlier editions, the third edition places stronger emphasis on sustainable funding and resource planning. It encourages governments to integrate cybersecurity into national budgeting and investment frameworks and to plan for long-term operational costs, workforce development, and periodic updates. The Guide also emphasises the importance of using indicators and conducting regular reviews to ensure that strategies remain aligned with evolving risks and technologies.
The document further expands guidance on risk management, incident response, critical infrastructure protection, legislation, capacity-building, and international cooperation. Throughout, it stresses inclusiveness, proportionality, and respect for fundamental rights, and encourages the involvement of non-governmental stakeholders at all stages of the strategy lifecycle.
Presented as a flexible reference rather than a prescriptive template, the Guide is intended to help national leaders and policymakers adapt cybersecurity strategies to their specific contexts, while drawing on shared international experience and established good practices.
